What is the point running something like Coreboot but then adding all the obscure black-box "security" (spyware/digital restriction management) and on top MS-Windows 11?
Microsoft's Director of OS Security Gets Coreboot Playing Nicely With Windows 11
Originally posted by Jannik2099:
Any source for the remote wiping part? First time I hear of it.
"Pluton is touted as being able to recover a non-booting machine so if the OS isn’t active and Pluton can fix it, that means someone isn’t telling the truth"
I read that as it has the ability to do anything. So full remote access...
Originally posted by grigi:
From https://semiaccurate.com/2021/12/01/...ous-to-deploy/
"Pluton is touted as being able to recover a non-booting machine so if the OS isn’t active and Pluton can fix it, that means someone isn’t telling the truth"
I read that as it has the ability to do anything. So full remote access...
The updates are deployed as regular UEFI capsules just like lvfs updates, btw
EDIT: the "recover from software bugs" part seems to be referring to this https://www.youtube.com/watch?v=quLa6kzzra0&t=2162s
It is poorly formulated and meant "discover software bugs in firmware, because that would change the attestation checksums"
Ergo, no remote access from what I can tell?
Last edited by Jannik2099; 19 January 2022, 09:30 AM.
The point that Charlie made is that when asking directly, he gets conflicting information, or more often complete silence. Therefore there is a good chance that there is active effort to downplay its capabilities.
Just note that he was talking about the risks of Intel ME for years before Intel acknowledged it. If he's concerned, we all should pay attention. (I'm not saying he is right, just that he is noticing "smoke".)
Originally posted by Jannik2099:
I think you're misunderstanding what a TPM does; it is not meant to protect keys against software running on the machine.
A TPM is a root of trust that can assert platform integrity (meaning that no one tampered with your firmware, bootloader, hardware, etc.). Based upon this it can store keys tied to the result of an assertion; this is how disk encryption is implemented on most platforms these days.
If someone can mod your hardware, they can add a key logger, USB rootkit, their own boot key (because who checks anyway), etc. that are not auditable by a TPM, making the TPM pointless (IMO).
Sure, a TPM can be used to make one form of attack hard, but it fails to address any full class of attack, making it more trouble than the security problems it adds.
Maybe I'll like TPMs when they are open hardware and have broader reach, but for now I bundle them with IME, AMD-PSP, speculative execution, rowhammer, and select other hardware IP that just ruins an otherwise good SoC.
Last edited by elatllat; 19 January 2022, 10:41 AM.
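The PCR-sealing mechanism the quoted post describes (a key released only while the boot measurements match), as an added Python simulation that is not code from this thread or from any TPM implementation; the boot components, the "TPM-internal" sealing key and the XOR wrapping are constructed stand-ins for what a real TPM does in hardware.

```python
import hashlib
from typing import Optional, Sequence

# Constructed illustration of measured boot + PCR-bound key release.
# Not vendor or project code; all names and values below are made up.

PCR_INIT = bytes(32)                                   # PCR value at reset
TPM_SEAL_KEY = hashlib.sha256(b"constructed: never leaves the TPM").digest()

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR <- H(PCR || H(component)). Append-only: software
    can only extend a PCR further, never set it to a chosen value."""
    return sha256(pcr + sha256(component))

def measure_boot(chain: Sequence[bytes]) -> bytes:
    """Each boot stage measures the next one before handing over control."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def _keystream(pcr: bytes) -> bytes:
    return sha256(TPM_SEAL_KEY + pcr)                   # bound to the PCR policy

def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Simplified TPM2_Create with a PCR policy: the blob is only useful with
    the TPM-internal key AND the exact PCR value it names."""
    if len(secret) > 32:
        raise ValueError("demo supports secrets of at most 32 bytes")
    return {"policy": expected_pcr,
            "blob": bytes(a ^ b for a, b in zip(secret, _keystream(expected_pcr)))}

def unseal(sealed: dict, current_pcr: bytes) -> Optional[bytes]:
    """The TPM refuses to release the key unless the live PCR matches."""
    if current_pcr != sealed["policy"]:
        return None
    return bytes(a ^ b for a, b in zip(sealed["blob"], _keystream(current_pcr)))

# Constructed boot chains: identical except for one modified bootloader image.
GOOD_CHAIN = [b"firmware v1 (constructed)", b"bootloader (constructed)", b"kernel (constructed)"]
TAMPERED_CHAIN = [b"firmware v1 (constructed)", b"bootloader (constructed)+modified", b"kernel (constructed)"]

def demo() -> tuple:
    """Returns (key released on the expected chain, key released on the modified chain)."""
    disk_key = b"constructed-disk-key"
    sealed = seal(disk_key, measure_boot(GOOD_CHAIN))
    return unseal(sealed, measure_boot(GOOD_CHAIN)), unseal(sealed, measure_boot(TAMPERED_CHAIN))
```

Any change in a measured component changes the final PCR digest, so the same sealed blob yields the key on the expected chain and nothing on the modified one; this is also why a firmware bug fix shows up as a changed attestation value, as the thread notes above.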
Originally posted by elatllat:
If someone can mod your hardware, they can add a key logger, usb rootkit, their own boot key (because who checks anyway), etc that are not auditable by a TPM making the TPM pointless (IMO).
Originally posted by Jabberwocky:
Ransomware attack vectors are mostly people that install software from untrusted sources or unmaintained infrastructure, i.e. government or wealthy private businesses. It's irrelevant to the TPM discussion in this thread.
Yes, irrelevant to TPM. But relevant for the question, "how else would someone lose their data?"