On 12/22/2014 3:44 PM, Joe Awni wrote:
>
>
> IMO, the amplitude of potential TPM-nightmare scenarios should give a
> clue about the strength of the technology.
> IE: If it can do that in the "wrong-hands," what can it do in the right?
>
>
Hi Joe!

What can it do in the right? Nothing that can't be done without the TPM
chip. One of the first things that you learn in computer engineering is
that anything problem can be solved on software or hardware. The only
difference is a question of efficiency.

The TPM chip is specifically designed to act as a hardware safeguard
against user intervention in software. It's intended to provide certain
facilities that already exist in software. The purpose in putting them
in hardware is to limit your access to them, so that you - the user -
cannot personally override them.

The purpose of TPM is to attempt to improve the speed and reliability of
cryptography, which is really not of much use. Holes in algorithms are
discovered need to be patched. In order for TPM to really be effective,
you have to have the OS play along and do everything quietly. If
security was the stated goal, you would have to "black box" both the
decryption and encryption in hardware to prevent most attacks.

This has not stopped TPM from being defeated by cold boot attacks or
software re-vectoring.

So what they are really aiming for with TPM are forms of remote
attestation - in other words: Digital Rights Management, and making sure
that you, the average user, can't do a thing about it.