
Friday, July 9, 2021

Trusted platform module (untrusted)

Random train passing by here a half-hour ago (long story). About, bottom line, whether the mighty and vaunted TPM, with all its revisions and options, can be counterfeited to be weak and have a back door.



Yes, it'll pass muster when checked, but there's a pin rewired or whatever.

So I'm off to wonder if the train is a ghost train, or if it is true.

Note:

"FTPM" is in a processor. Assuming you, uh, didn't get your BIOS from a Russian friend or anyone working (say) in "Virginia", (Maryland?) I'm uh, getting distracted. Is it *really* inside the CPU or is it strictly firmware? (Further distraction: Does any part of Windows-security need "Hyper-V"??)

I mean, you'd think they'd say somewhere...I get the gut feeling "Hyper-V" or another name, "Hypervisor," etc. isn't just for creating imaginary-friends, it also isolates dangerous stuff from "Sims" or whatever.
But I don't know.

Nono, I believe at least part of the TPM is in the CPU, or otherwise any CPU fitting your motherboard would work. And if I'm wrong, I don't care at this point, there's a severe information overload.

But I'll double check.

Tough to believe anyone these days, everyone's got an agenda

https://www.cnet.com/features/nuclear-power-is-clean-and-safe-why-arent-we-using-more-of-it/

https://www.chooseenergy.com/news/article/does-nuclear-power-have-a-place-in-the-shifting-energy-landscape/





Yeahbutt did they DIE? There ya go


But here's the thing, it would be harder to counterfeit CPUs, right?

A teeny thing like a TPM-chip would be trivial for Guy Fawkes and his merry band of misfits.

OK Forget it! Never Mind! Gah!!

https://www.reddit.com/r/Amd/comments/5z2pfu/quick_pro_tip_about_ryzen_and_tpm/

https://docs.microsoft.com/en-us/windows/iot-core/secure-your-device/tpm

https://helgeklein.com/blog/how-to-check-windows-tpm-status-enable-cpu-amd-ftpm-intel-ptt/

I'm wandering away from my point, which is actually several points....
Converse to traditional logic that a discrete TPM-chip is best,
my train of thought was, no, because a discrete TPM chip, all young and innocent, can be groomed to grow up evil, promiscuous (a gossiping fool).
Consider first:
Russia, China, the US have powerful agencies dictating to computer manufacturers what they want in an encryption chip.
But OK after rendering your data to Caesar, is there anyone *else* you need to worry about?
(ignoring the rant that Russia wants China's data which wants US's data)
Ignoring Bitcoin robbers,
And the press,
uh
OK forget it, nevermind.

Really buried rant:
Those innocent looking billion-dollar towers proudly displayed as job-magnets in the press, 
aren't only looking for bitcoins;
 they double as Decryption behemoths dedicated to cracking whatever encryption scheme your fragile little CPU's mind can dream up.
So who are we encrypting against?
Peeping neighbors?
If one of those decryption towers finally broke an encryption scheme (a biggie one) would they trumpet it to the world, or keep it to themselves?
Historically, as soon as a code is broken they shout it to the four corners of the universe.

I came to a conclusion in my head that Microsoft cares more about identity, for subscription services, for paying for stuff.
If they want to attract vendors, they have to reassure them that it's actually you paying for that monthly subscription, and once you've already paid, that YOUr hardware is/are the valid paid-up subscriber (not your friend, not your sister, not Todd and the hacker-club.)
If your data *can* be decrypted, rest assured it already *is* decrypted, and the other idea in my head about double encryption might not be valid (The OS has to be able to read your decrypted files)
If (in some dream Microsoft has) you could upload encrypted files to a virtual drive (picture governments and hackers rubbing their hands together greedily), then they could charge you for the storage.
And with 2TB drives available, what the hell would you upload and pay to store?
Only people with multiple locations to work at would want this.
And only with trivial data that governments, hackers, rival companies and law enforcement would not care about (but they wouldn't *know* they didn't care about it until they stole and decrypted it)

It follows (logically) that the most evil hackers around also use the oldest OS's available (or maybe Linux), and keep them offline.
But that's only a train in this crowded train yard.
Offshore-account numbers, who gets paid off when, 

Pirated movie-collections...



This is wondering why "windowsapps" is extremely locked and cannot be accessed, but more importantly, if a person does a coup d'etat and forces ownership, is that a bad thing?
I mean, people have had trouble changing it back.
maybe it's declared a "shithole"-directory and avoided by the OS.

Whatever.

I found a file I cannot run there, called "Sechealthui.exe" and apparently Microsoft keeps every version, like some wedding-photo album.

I don't know exactly why I obsessed over that, but "Device security" seems to run from there. 

(In case I was unclear, the following is about "Device security" the app, and other things generally that I don't know about yet)

It's damn close to an overbearing security guard now, telling you to move along, with no useful information.

In Windows 10 it at least listed a few things but now it's a low-brow Neanderthal.

Obviously (I think, obviously) they are working on a new version, as soon as the Guru gets back from vacationing in France (that's the only legitimate excuse I can think of; more depressing options are, some of the critically important designers are dying from Covid?)

Or they were fired for a myriad of reasons (think, "twitter").

There are no other obvious reasons why this half-baked POS was released.

😔


Ho..ly crap, I'm hoary

To be amongst polite society, not reek, I should have SMBIOS 3.4 (or so)

Wait, where did I get the above statement? I think I'm misinterpreting...they've come out with tons of revisions since the year 2013. O, so now I have to read many quaint and curious volumes of forgotten lore. Nevermore!

No wait (seriously) UEFI and SMBIOS are related but it's like cousins or something, grrr.

What kind of fool am I? (UEFI version????)


No wait, SMBIOS came out in 2013 (that's true) but UEFI must have a different number.
There.
Um, where were we? Oh yeah, the reason Microsoft is so damn snobby.


And *in* that link, SMBIOS exists but it's highly confusing for me.
"0x03h" appears to be a desktop computer...nothing about revisions yet.
Argh, it's like wondering about a word in the Bible or what Shakespeare said in a forgotten play.
My responsibility ends where I buy an expensive 2018 Processor, 2019 motherboard, 2021 BIOS-Update. If all those assholes can't get their shit together, and then they blame me??
oooooooooohhh!!! 
My "2.8" is cow-caca on the side of the highway
There is no 2.8, they skipped 2.32 to 3.40
https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_2.8.0.pdf

This next picture is from the book about how to win friends and influence people in Windows 11. Crap, my fonts are messed up, this could take *hours* to fix, fucket.









Hi. Still here? Look up "Kernel DMA protection" which is "off" here, I have to find out why.
It's my grail. OK not really but times are slow and depressing, and it seems like a worthwhile quest.
IOMMU is a paradiggem SNOB!!
Mealy-mouthed little Shit, AMD CPUs Matter too!!
Prejudiced assholes.

IOMMU is an unreadable, of the series "The unreadables," that most people just set to "Auto."
It was a Linux-thing, I thought.
No, it's an official thingy, like VT-d (another unreadable)



Yeahbutt (o,sheeit)


In other words, the features are there, I'm just not using them.
More lore, whadda Bore! Nevermore.

I don't trust you to scramble eggs, and you KNOW (grr) about ransomware...Geez
Ooooh, #@#!^*(
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures
Pissant little clowns looking for job security !@#$%^& hacker-consultants ^%$#@
Microsoft wants to scramble your system, make it unusable, make you know the answer to "IS IT SAFE??!!"
Ooohh, unless you buy Intel, of course, and then you're good.
%$#@$%
Ask these brain-dead geniuses from Mars, "What about BIOS-Updates?" Yeeewww turkeys.


Years ago, some guy tried "Compress drive to save space" or somesuch-professional-glitterteeth-sales pitch, and RUINED his computer (I don't suppose it's relevant to scrambling your PC, right?
RIGHT??!!) Cuz, I mean, you NEVER update anything, right?
And Windows 11 is sort of an alpha-OS, but they know what they're doing, they're *professionals*.

The BIOS (because it's UEFI) and Windows know each other intimately, in theory.
About as well as a woman living in the Upper west-side Condo knows her Gardener.

I kind of hate the BitLocker part (in summary) but I *want* the, uh, ...?? AMD-Vi ..or..something.
And S0 because suddenly Microsoft requires it.
But I can't get "S0" and I WON'T scramble my drives, so there it is.
Stalemate.

---
Mostly useless sites that blab on in the middle of biggie-advertisements and page-blocking notices, 
-----
A door to forgotten lore  (curious and quaint it ain't)
'k, I don't know what it says (yet) but you're not doddering nor senile, so here's a hope it's useful (but maybe not)


Speaking of curious quaint unreadable things, The writer of WMIC (the built-in-program)
*COULD* have made this next bit readable
(Title: feature
Another Title: Another feature)
Buuut NOOoooo,
Being from Microsoft, he wrote it like this!!

wmic:root\cli>cpu

AddressWidth  Architecture  AssetTag  Availability  Caption                               Characteristics  ConfigManagerErrorCode  ConfigManagerUserConfig  CpuStatus  CreationClassName  CurrentClockSpeed  CurrentVoltage  DataWidth  Description                           DeviceID  ErrorCleared  ErrorDescription  ExtClock  Family  InstallDate  L2CacheSize  L2CacheSpeed  L3CacheSize  L3CacheSpeed  LastErrorCode  Level  LoadPercentage  Manufacturer  MaxClockSpeed  Name                                 NumberOfCores  NumberOfEnabledCore  NumberOfLogicalProcessors  OtherFamilyDescription  PartNumber  PNPDeviceID  PowerManagementCapabilities  PowerManagementSupported  ProcessorId       ProcessorType  Revision  Role  SecondLevelAddressTranslationExtensions  SerialNumber  SocketDesignation  Status  StatusInfo  Stepping  SystemCreationClassName  SystemName       ThreadCount  UniqueId  UpgradeMethod  Version              VirtualizationFirmwareEnabled  VMMonitorModeExtensions  VoltageCaps

64            9             Unknown   3             AMD64 Family 23 Model 113 Stepping 0  252                                                               1          Win32_Processor    3472               11              64         AMD64 Family 23 Model 113 Stepping 0  CPU0                                      100       107                  8192                       65536        0                            23     0               AuthenticAMD  3501           AMD Ryzen 9 3950X 16-Core Processor  16             16                   32                                                 Unknown                                               FALSE                     abcdefgjijklmnop10  3              28928     CPU   FALSE                                    Unknown       AM4                OK      3           0         Win32_ComputerSystem     DESKTOP                     49             Model 1, Stepping 0  TRUE                           FALSE

 

wmic:root\cli>

Being obsessive, I might *might* stick some tabs and some carriage-returns where the sun don’t shine…but don’t wait up.

YAY! so, nevermind

TCG specification, revision 1.27, Table 3,

TPMDigestAlgID=b(11)


Ah.

So my PC is correctly configured but a little miffed, 
a little pissed off,
*grumpy*
That I don't use BitLocker.
Patience, PC.











