[Freedombox-discuss] Trusted Computing Modules

Eugen Leitl eugen at leitl.org
Tue Dec 6 15:00:17 UTC 2011


On Tue, Dec 06, 2011 at 06:43:08AM -0800, Chris Troutner wrote:
> I did some work for a company a few years ago writing a Linux driver for
> their TPM chip. From a software perspective, the TPMs rock.

The problem is also trusting the design of the TPM. Most
current TPMs are implemented as a discrete smartcard-like chip
on a motherboard, and you'd probably trust
e.g. http://www.g10code.com/p-card.html a little bit more
than any random G&D device.

What's interesting about smartphones as a platform is that
they have a removable (micro) SIM slot so that you'd have
an optional, separable functionality for custom smartcards.

This is orthogonal to crypto accelerators, any FBX ARM box
can very much profit from crypto accelerators, especially
considering functions like SSL session setup which can
be useful for mesh routing over VPN tunnels over the Internet.
 
> However, the TPMs were put into consumer PCs in a very sneaky, stealthy
> way and their primary focus was for DRM management. So I (personally)
> think this might be the reason why it never took off in open-source circles.
> 
> However, the TPM isn't as awesome as the industry consortium would lead
> you to believe. It's pretty trivial to solder a hardware sniffer onto the
> data bus of the chip in order to reverse engineer access to the chip. If
> you aren't worried about someone (the government) *physically* taking
> control of your hardware, then the chip is pretty great.
> 
> This was the conclusion I reached after several months of studying the
> chip, however, that was several years ago and my memory may be foggy.
> 
> Chris Troutner
> http://thesolarpowerexpert.com
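As an added illustration of the bus-sniffing point in the quoted reply (this is example code written for this page, not code from either poster or from any FreedomBox project): a TPM 1.2 part talks to the host in unencrypted frames, each starting with a 2-byte tag and a 4-byte total length, followed by a 4-byte ordinal (requests) or return code (responses), all big-endian. A decoder over a captured byte stream therefore recovers which commands ran and what the chip answered; the authorization HMACs that TPM 1.2 adds to some commands authenticate the parameters but do not hide them from a passive tap. The capture below is constructed for the example, the ordinal table lists only four commands, and the chip is assumed to be a TPM 1.2 device.

```python
"""Decode a (constructed) TPM 1.2 command/response stream as a bus sniffer would see it.

Added example, not code from the original thread. Assumes a TPM 1.2 part:
tag (UINT16), paramSize (UINT32), then ordinal or returnCode (UINT32),
big-endian, sent in the clear.
"""
import struct

HEADER = struct.Struct(">HII")   # tag, paramSize, ordinal / returnCode
HEADER_LEN = HEADER.size         # 10 bytes

# TPM 1.2 tags (TCG TPM Main, Part 2: Structures)
REQUEST_TAGS = {0x00C1: "RQU_COMMAND", 0x00C2: "RQU_AUTH1_COMMAND", 0x00C3: "RQU_AUTH2_COMMAND"}
RESPONSE_TAGS = {0x00C4: "RSP_COMMAND", 0x00C5: "RSP_AUTH1_COMMAND", 0x00C6: "RSP_AUTH2_COMMAND"}

# A few TPM 1.2 ordinals; the real table is much larger.
ORDINALS = {
    0x00000014: "TPM_Extend",
    0x00000015: "TPM_PcrRead",
    0x00000018: "TPM_Unseal",
    0x00000046: "TPM_GetRandom",
}


def parse_message(buf, offset=0):
    """Parse one message at buf[offset:]; return (record, next_offset).

    Raises ValueError on an unknown tag or a length that runs past the capture,
    which is what a sniffer gets when it joins the bus mid-transaction or drops bytes.
    """
    if len(buf) - offset < HEADER_LEN:
        raise ValueError("truncated header at offset %d" % offset)
    tag, size, third = HEADER.unpack_from(buf, offset)
    if size < HEADER_LEN or offset + size > len(buf):
        raise ValueError("bad paramSize %d at offset %d" % (size, offset))
    payload = bytes(buf[offset + HEADER_LEN:offset + size])
    if tag in REQUEST_TAGS:
        rec = {"dir": "request", "tag": REQUEST_TAGS[tag], "ordinal": third,
               "name": ORDINALS.get(third, "0x%08x" % third), "payload": payload}
    elif tag in RESPONSE_TAGS:
        rec = {"dir": "response", "tag": RESPONSE_TAGS[tag], "return_code": third,
               "payload": payload}
    else:
        raise ValueError("unknown tag 0x%04x at offset %d" % (tag, offset))
    return rec, offset + size


def decode_stream(buf):
    """Split a capture into request/response records, in bus order."""
    records, offset = [], 0
    while offset < len(buf):
        rec, offset = parse_message(buf, offset)
        records.append(rec)
    return records


def is_complete(buf):
    """True if the capture parses cleanly from the first byte to the last."""
    try:
        decode_stream(buf)
        return True
    except ValueError:
        return False


def pair_exchanges(records):
    """Pair each request with the response that follows it on the bus."""
    exchanges, pending = [], None
    for rec in records:
        if rec["dir"] == "request":
            pending = rec
        elif pending is not None:
            exchanges.append({"name": pending["name"], "request": pending, "response": rec})
            pending = None
    return exchanges


def getrandom_output(response_payload):
    """TPM_GetRandom response body: UINT32 randomBytesSize, then the bytes themselves."""
    (n,) = struct.unpack_from(">I", response_payload, 0)
    return response_payload[4:4 + n]


def _msg(tag, third, body):
    """Build one frame: header with paramSize covering header plus body."""
    return HEADER.pack(tag, HEADER_LEN + len(body), third) + body


# Constructed capture (not a real trace): GetRandom(8 bytes) followed by PcrRead(PCR 7).
RANDOM_BYTES = bytes.fromhex("deadbeef01020304")
PCR7_VALUE = bytes(range(20))
CAPTURE = (
    _msg(0x00C1, 0x46, struct.pack(">I", 8))                                  # GetRandom request
    + _msg(0x00C4, 0, struct.pack(">I", len(RANDOM_BYTES)) + RANDOM_BYTES)    # random bytes, in clear
    + _msg(0x00C1, 0x15, struct.pack(">I", 7))                                # PcrRead request
    + _msg(0x00C4, 0, PCR7_VALUE)                                              # 20-byte digest, in clear
)

if __name__ == "__main__":
    for ex in pair_exchanges(decode_stream(CAPTURE)):
        print(ex["name"], "rc=%d" % ex["response"]["return_code"], ex["response"]["payload"].hex())
```

Running the block prints the two exchanges with their return codes and raw response bodies; is_complete() is there for the practical failure mode of a tap that started late or lost bytes, where the length field no longer matches the capture.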


