Hi,
Solar wrote:
TPM got a really bad rep back in the day, because it could be used to lock other operating systems out of the boot process, or even deny installation to "unsigned" applications -- with the certification in the hands of the OS provider (a.k.a. Microsoft). Microsoft never went as far as actually implementing Windows that way, but I am rather sure they only didn't because of the boiling kettle they suddenly had on their hands.
Yes.
It is/was also seen as "not ideal" for security for a few reasons - mainly, that "chain of trust" is fragile and depends on too much (which is something AMD fixed with "dynamic root of trust" since); and the fact that it's retroactive (code that's been tampered with is executed, then checks are done after the code is executed) and not preventative (refusing to execute code that's been tampered with - e.g. like SecureBoot).
Solar wrote:
It's also been attacked successfully.
Some implementations have been successfully attacked, but implementations of almost everything have been successfully attacked - if we waited for "guaranteed 100% secure" we'd be waiting forever.
The real question is, does using TPM make it harder for an attacker to tamper with boot code? You'd have to assume that using TPM gives better security than not using TPM; even if TPM can be broken by a child in less than 1 minute.
Cheers,
Brendan
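The "retroactive vs. preventative" distinction above, as an added illustration that is not part of the post: a simulated TPM PCR extend chain where a tampered kernel still runs and is only caught afterwards when a sealed secret fails to unseal, beside a verify-before-execute policy that refuses to run it. The boot-stage images, the allow-list and the sealing policy are constructed for the example.

```python
import hashlib

# Constructed boot chain for illustration (stage name, stage image bytes); not from the post.
GOOD_CHAIN = [("firmware", b"fw-1.0"), ("bootloader", b"loader-2.3"), ("kernel", b"kernel-6.1")]
# Tampered chain: same firmware and bootloader, but the kernel image has been modified.
TAMPERED_CHAIN = GOOD_CHAIN[:2] + [("kernel", b"kernel-6.1-modified")]
# Allow-list of image hashes that a verify-before-execute policy accepts (constructed).
ALLOWED = {hashlib.sha256(image).hexdigest() for _, image in GOOD_CHAIN}

def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TPM PCR extend: new = H(old || H(image)). Append-only and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def measured_boot(chain):
    """Measure-then-execute: each stage is extended into the PCR and then runs anyway.
    Nothing here stops a tampered stage; the PCR merely records that it ran."""
    pcr = bytes(32)  # PCR reset value at power-on
    executed = []
    for name, image in chain:
        pcr = pcr_extend(pcr, image)
        executed.append(name)
    return pcr, executed

def secure_boot(chain, allowed):
    """Verify-then-execute: a stage whose hash is not allow-listed never runs."""
    executed = []
    for name, image in chain:
        if hashlib.sha256(image).hexdigest() not in allowed:
            return executed, f"refused to execute {name}"
        executed.append(name)
    return executed, "ok"

def unseal(pcr: bytes, policy_pcr: bytes, secret: bytes):
    """Sealed-secret check: released only if the PCR equals the policy value.
    This is the point where measured boot finally notices tampering, after the fact."""
    return secret if pcr == policy_pcr else None

def compare():
    """Run both models against the tampered chain and report what each one did."""
    policy_pcr, _ = measured_boot(GOOD_CHAIN)          # sealing policy taken from a known-good boot
    tampered_pcr, ran = measured_boot(TAMPERED_CHAIN)
    sb_ran, sb_status = secure_boot(TAMPERED_CHAIN, ALLOWED)
    return {
        "measured_ran_everything": ran == [name for name, _ in TAMPERED_CHAIN],
        "measured_pcr_differs": tampered_pcr != policy_pcr,
        "unseal_after_tamper": unseal(tampered_pcr, policy_pcr, b"disk-key"),
        "secure_ran": sb_ran,
        "secure_status": sb_status,
    }
```

Because extend is order-sensitive, swapping two good stages also changes the final PCR, so the sealed secret is bound to the exact sequence that ran, not just to the set of images.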