Google Working On Open-Source TPM 2.0 Implementation

  • Google Working On Open-Source TPM 2.0 Implementation

    Phoronix: Google Working On Open-Source TPM 2.0 Implementation

    For future Chromebooks/Chromeboxes, Google appears to be building an open-source TPM 2.0 implementation that's possibly backed by open hardware...


  • #2
    Now that is interesting! TPM can be a good thing if used right but when it relies on secret keys not given to or controlled by the owner of the device then it's wide open for abuse. An open solution would be the right thing to do.



    • #3
      Could Linux make use of open source TPM 2.0? Or is this only for Chromebooks?



      • #4
        I still don't trust all that TCPA, TPM and the like, but then, an implementation in the freedom could be interesting. Still, one must remember Tivo-ization: you can have freedom firmware but can still be locked out of it for changes and updates.
        Moreover the question is: Will something like that ever be built onto normal mainboards? Vendors won't necessarily slap Google's free-TPM-2 on their boards automatically. There is quite some action with Coreboot with Google-sponsoring (which is fine) but of course it mainly targets a few Chromebook devices.
        Stop TCPA, stupid software patents and corrupt politicians!



        • #5
          Originally posted by Adarion:
          Will something like that ever be built onto normal mainboards?
          Considering that normal TPM is rare outside of mobile (where Windows 10 requires it), probably not.

          I hope this thing can work over PCIe or USB or whatever.



          • #6
            Originally posted by GraysonPeddie:
            Could Linux make use of open source TPM 2.0? Or is this only for Chromebooks?
            Depends on the hardware specs. If they give hardware specs of the module's hardware (what components they used and some board schematics maybe) someone could make one that isn't soldered to the Chromebook's mobo.



            • #7
              There is potential here for usage against replacement of the initramfs or kernel by simple scripted "evil maid" attacks on encrypted laptops, but we know from incidents in China and elsewhere that state-level attackers tend to prefer pulling keyboards to install hardware keyloggers or (NSA TSO) replacing the firmware on the motherboard. Main weakness would be potential hardware backdoors in the TPM.

              Ideal would be a single, widely distributed and heavily audited, fully open FPGA design for a TPM that could be put onto existing boards. On desktops many enthusiast boards come with an empty TPM socket; I know exactly where I would put such a chip to add one more layer of defense to my encrypted systems.

              If Google can get this into Chromebooks even with manufacturer TPMs and this code is open code, the potential then exists for encrypted Coreboot machines with bootloaders, kernels, and initramfs locked to the user's keys and original keys removed. Epoxy down the keyboard and any attacker who can't replace the firmware can't get in, especially with upstream coreboot and a real desktop Linux installed.



              • #8
                SeaBIOS, which is open source, has initial support for TPM 2.0.
