[Bitcoin-development] BitMail - p2p Email 0.1. beta

Mike Hearn mike at plan99.net
Tue Jul 30 12:12:51 UTC 2013 

The TPM is a piece of secure* hardware that provides various cryptographic
services to the host system. It is important to understand that it is not a
crypto accelerator. It is a place to store keys and small pieces of data
(like hashes, counters) where it's difficult for someone to extract them
even if they have physical access.

The TPM is designed to support trusted computing, a rather splendid set of
extensions to the x86 architecture that let you do remote attestation,
software sealing and other things. Or at least it would be splendid if it
had been really finished off and pushed to completion by the designers.
Unfortunately due to various political issues it exists in a
quasi-finished, semi-broken state which only experts can use. Without a
doubt you have never run any software in a TC environment.

As part of that role, the TPM provides some permanent storage in the form
of NVRAM. Because the TPM is designed to be as cheap as possible, it has a
limited number of write cycles. Normally you're meant to store Intel TXT
launch control policies and sealed keys there, but Pond uses it in a
different way by storing keys there that it encrypts local data with. By
erasing the key in the TPM chips memory area, the data on disk is
effectively destroyed too.

This is useful because modern "disks" are often SSD drives, or physical
metal disks that use log structured file systems. Because flash memory has
a limited number of write cycles per cell, internally SSDs have firmware
that remap writes from logical addresses to different physical addresses,
the goal is to avoid wearing down the drive and extend its useful life.
Normally it doesn't matter, but if you want to delete data such that it's
really really gone, it obviously poses a problem. Using TPM NVRAM solves
it, albiet, at a high usability cost.



*note: actual tamper resistance of real-world TPM chips is not something
that seems to have been studied much


On Tue, Jul 30, 2013 at 1:27 PM, Wendell <w at grabhive.com> wrote:

> Can you explain this process for those of us not too familiar with TPM
> chips?
>
> -wendell
>
> grabhive.com | twitter.com/grabhive | gpg: 6C0C9411
>
> On Jul 30, 2013, at 10:40 AM, Mike Hearn wrote:
>
> > As a testament to the seriousness with which Pond takes forward
> security, it can use the NVRAM in a TPM chip to reliably destroy keys for
> data that an SSD device might have otherwise made un-erasable.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20130730/326a4eca/attachment.html>

More information about the bitcoin-dev mailing list