alt.computer.security
12-29-2006, 09:40 PM
Matty
TPM and Windows Vista TPM Services

Hi there all, I am working on a document on Windows Vista TPM Services,
and I have several questions I'm hoping someone can answer as well as
several thoughts I'd like some feedback on. Feel free to address any
combination of my comments/points, but I ask that you please try to be
informative and thoughtful in your reply; I'd like to really learn
something after all ;-)

1) Is the Endorsement Key used to create the hashes of integrity
monitoring/reporting metrics? If not, what key is used?

2) The TBB of a trusted platform is the TPM and the CRTM. The CRTM is
either a portion of or the entire BIOS code. Both of these components
must be trusted, and updates must be controlled. However, currently
3rd party BIOSes are prevalent, and anyone can update them. If this
situation does not change then basically 1 of the 2 components of the
TBB cannot really be trusted. How can we really ever have a trusted
computing platform if one of the 2 TBBs can be compromised? Perhaps
this issue is being addressed when I read the phrase "TPM-compliant
BIOS."


3) A trusted computing platform using a 1.2 TPM and Windows Vista can
enable Secure Startup and BitLocker drive encryption to secure data
cryptographically. If the drive from this trusted computing platform
is stolen and placed into another system running another operating
system, then what is the attacker missing in order to access the data?
The same thing they were missing before the trusted computing platform
was around: the encryption key. Therefore, doesn't the attacker
still have the same methods of brute force attack at their disposal for
cracking the encryption of the volume? How does the TPM make this
different once the drive has been removed from the system?


4) I am trying to write scripts to perform basic TPM management tasks.
Microsoft has some documentation on the Win32_Tpm class which is
supposed to be used for this sort of thing, but I have not had any
success getting scripts to work on my Windows Vista 32-bit or 64-bit
installations. In the end I simply tried to search for the Win32_Tpm,
and could not even find it. The method for searching for the class was
to use the script below, and then pipe it to | findstr /I "Win32_Tpm".


=======================================
' Enumerates every class defined directly in the given WMI namespace.
' Run with: cscript //nologo script.vbs | findstr /I "Win32_Tpm"
strComputer = "."
strNamespace = "\root"

' VBScript needs the underscore continuation when a statement spans lines.
Set objSWbemServices = GetObject("winmgmts:\\" & strComputer & _
    strNamespace)

' SubClassesOf() is not recursive: it lists only the classes of this
' namespace (\root), not those of child namespaces such as \root\cimv2.
Set colClasses = objSWbemServices.SubClassesOf()
For Each objClass In colClasses
    Wscript.Echo objClass.Path_.Path
Next
=======================================


I have some more questions floating around somewhere, but this is a
good start.


Thanks in advance for your replies.


Matt
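As an added example (not code from the original post), the script below walks the whole WMI namespace tree recursively instead of only \root, reports every namespace that defines a Win32_Tpm class, and prints a few of its properties when an instance is present. It assumes cscript.exe on Windows Vista or later; namespaces the current user may not open are skipped.

```vbscript
' Added example: locate the Win32_Tpm class anywhere under \root and
' report basic TPM state. Assumes cscript.exe on Vista or later.
Option Explicit

Const TARGET_CLASS = "Win32_Tpm"
Dim strComputer, hits
strComputer = "."
hits = 0

WalkNamespace "root"
WScript.Echo hits & " namespace(s) define " & TARGET_CLASS

Sub WalkNamespace(strNamespace)
    Dim objSvc, objClass, objChild, objTpm
    On Error Resume Next
    Set objSvc = GetObject("winmgmts:\\" & strComputer & "\" & strNamespace)
    If Err.Number <> 0 Then
        ' Some namespaces are restricted to administrators; skip those.
        Err.Clear
        Exit Sub
    End If
    On Error GoTo 0

    ' SubClassesOf() only lists classes of this namespace, not descendants,
    ' which is why a search limited to \root never shows Win32_Tpm.
    For Each objClass In objSvc.SubClassesOf()
        If StrComp(objClass.Path_.Class, TARGET_CLASS, vbTextCompare) = 0 Then
            WScript.Echo "Found " & TARGET_CLASS & " in \" & strNamespace
            hits = hits + 1
            ' One instance exists when a TPM is present and its driver loaded.
            For Each objTpm In objSvc.InstancesOf(TARGET_CLASS)
                WScript.Echo "  SpecVersion:            " & objTpm.SpecVersion
                WScript.Echo "  IsEnabled_InitialValue: " & objTpm.IsEnabled_InitialValue
                WScript.Echo "  IsOwned_InitialValue:   " & objTpm.IsOwned_InitialValue
            Next
        End If
    Next

    ' Child namespaces are instances of __NAMESPACE; recurse into each.
    For Each objChild In objSvc.InstancesOf("__NAMESPACE")
        WalkNamespace strNamespace & "\" & objChild.Name
    Next
End Sub
```

Run it as an administrator with cscript //nologo, since the TPM namespace is normally not readable by standard users.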

