-->

Monday, February 28, 2022

many worded

Before I start this harangue, I want you to know that it is with very creepy feelings that surface whenever someone is super-vague about how technology works, and in meetings we'll never be a part of, someone has said, 

"ah, shit. Fucket, nevermind" or the executive version "Forget it, nevermind"




https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/

I don't know if you glossed over that blue line but please don't.

It's a cat-in-the-hat-level primer on how to destroy TPM's.

I'm not sure WHY the publisher published it, except maybe he got real tired of Sheldon-level snobs.

I'm still reading the very comprehensible article (that means, if I read slow, it makes sense)

Except for one teeny bit:

If you're using a CPU with an embedded TPM, doesn't that negate some of their doom gloom and nihilism?

I mean, we're all fucked, sure, but hacking into a CPU might be harder than getting into a cheapo TPM-chip.

If this were some class and I were raising my hand, I'd be pissing off the teacher because I interrupted his two-week 500-page lecture,

But yeah, which is better, FTPM vs TPM? Ble-ble-ble (harrUMPH! FOO-bah) AHEM)

just as good (with exceptions) AMD just fine! (on the other hand) (IOW "don't worry your pretty little head" buy Intel)

Guy with accent, Aug 2021

Which is better for hackers, which one is better for you (a non-hacker)?
Why are they pushing the Mysterious "El,"

What is the secret of 'pcr7'?

Who is it for?



Get a cushy job preventing hackers. Leave yourself a back door.
When / if these slenderman-biggiefoot hackers arrive you'll be long gone.
(What?) No they didn't say that, I did.

The cute picture above isn't revealing my thoughts well...an endless committee of elderly know-it-alls are constantly upstaged by younger brighter people.
And if you *hire* these younger brighter people, they'll take your money and run, the punks.
Their friend will write an article about how easily the system was broken into, heaping dung onto the gaping sore of an insult.

Conformal-coat your circuitry (coat it with epoxy, amber, whatever)
Your secretaries will either have wifi and facebook, 
(maybe on their BYO-(trendy name)"D" or they won't, any actual work is isolated, 1963-style.
Fucket, I don't have to be Sheldon to lock down your system.
(OK the trojan-horsies, but whatever)










https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices, maybe they think it's cute, trendy or badass talking this way.

Or maybe (and this is what they want me to think) I'm so backwards that every sentence sounds like a terrible Algebra teacher

Yeah but How can I identify which PCR Bank is being used??

What we have here, is *failure* to communicate.

I ask,
 "which one,"
 and You respond to which Type (sha-1 or sha-256), as referenced by the hash-algorithms bit-field table 21 of version 1.27 of (o nvm)

My algae-ID is 0xb (11d) so....uh....does anyone care? 

An sha-256 registry which is probably "11" but don't quote me.

And this I need to know, because worlds would collide if I didn't.

pcr7 is or is not active bee cuz.

period.
end of bullshit.
But nooooooo

" Yes, no, maybe" is all that is required, or "Buy *this*. 

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/modern-standby-vs-s3
https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/tpm-recommendations

Or in other words, "TPM or FTPM, is there a difference?"
You misconstrue your powers of persuasion, you're no beautiful woman with long black hair and shiny lips, which move and occasionally pucker.
No, you are annoying and write too much.
Is F in the TPM a deal-breaker for *some* things?

And what's all this then about "Modern Standby?"
is it a thing or a myth you fat people made up ("slenderman")

Now I refuse to wax bombastic, you'd make fun.
Is it a *thing* you buy, a technology a company owns, 
A fence to deter bounders and social climbers, I wanna know (for five seconds)
And why is slenderman White and thin, is it more PC to be black and pear-shaped?

Plus, I must know my place in the firmware of life:

Yah, hmm, I "powercfg -h off" because it takes up soo much room on my teeny partition on my 1TB drive.
It's a thing, buy an oversized whatchacall-drive, cut it down or leave it as is and pretend to be decadent.
Well I refuse to be a powershell-puppet, dancing on the strings of those power people.
So they've said, "He's old, he's white, let him lose his 'S0' "
Because, "bleh"
Bleh!!
(What would "Slenderman" say??)
Can I kiss you Now??

"Yew are either a worm or slumming with vermin, either way, do not bother us with your perversions" 


Yew pissants, Yew turkeys.

"working standby" or what I call working-standby, has been around since ages past, it's a way of having fans run while the PC sleeps.
In my case, my PC (this one here, not the ages-past one) will look totally "On", motherboard lights on, BIOS messages on Full, but the screen is blank and my wireless mouse is off (I think).
It's like the proverbial "sleeping with one eye open."
But None of these theatrics matter unless that old Bitch "MSinfo32" is convinced, and I doubt she is.
But that is my next step.
I'm still a cad and a bounder, but I'm a *modern* one, arriviste

I've gotten rid (buried) the others now I'm coming after YOU, "PCR7"
A horse, a horse, my kingdom for a horse

You're welcome but please use the servants' entrance
and you're never allowed upstairs
Welcome, thou good and faithful.
(Prepare my bath, there's a good slave)
Those who never got an AA degree are treated kindly but like dirt.
You need to BUY something, I'm not sure what.
*I* am not worthy, EOT

https://docs.microsoft.com/en-us/answers/questions/630969/tpm-is-not-usable-pcr7-binding-is-not-supported-ue.html
Trying to rise above our station, are we? Weird.
Upgrade or be belittled.

They write the logs (to the tune of Barry Manilow)


They KNOW why, it's a state-secret. You must buy and Join, or be ignored.
If there's an extra key, erase it. write the logs so they can be read by mere humans.
If anyone says 0,2,4 11 is just as good, prove it, delete the hoity-toity bull on PCR7.
But no, this will all be deprecated in a couple years. So this blog will be a cute anachronism to tell kids how hard a time Gramps had.

"You just don't understand me"
"(grr) WHAT do you WANT??!!"



The TPM written by someone who thinks like a woman, plainly states pcr7 is impossible, makes no effort to fix it, and does not say why it's impossible.
O sure, take her side.
it's MY PC, but she has custody.
If the TCG log is invalid:
Disable-enable bitlocker.
The TPM is going bad.
So saith wisdom of the ages, qualified by "But I don't really know"








For the record, the above is useless and pointless, abandon all hope 
(for the record)


Much blather, many long tomes of text, History-of-world-stuff,
Only PCA 2011 certificates need apply, all others are bounders cads and wannabes.

Fine, says everyone and their cat, where are these certificates?




Using ass-pulling logic, I'm gonna guess that when you prepopulate a TPM with keys from your motherboard manufacturer (in the case of a FTPM) you're ruining any hope of being PCR-7 worthy.
The distinction is a subtle one because, you may not be able to trace your lineage back to the Mayflower and PCA 2011, but you can still encrypt a drive (and isn't that what you wanted anyway??)
You won't be able to marry above your station, but you can exist and have some pissant little job somewhere.

There is a succinct procedure to populate a TPM with keys, which I have not found.
That's secret-society stuff, Black-hoods and crows

It *looks* happy, IDK. Lights on, no one home, but that's a biggie guess.


There's this link that does not go into WHY but it's fairly clear about HOW.

1. "Platform" is the new trendy thing to have, it differentiates from the decrepit fogies in "1.2"
2. "Endorsement" is for the paranoid.
3. "Storage", a holdover from 1.2, is feeble and can be disabled.
Now (this here is from me) if two keys conflict as Ms. Feng suggests,
Couldn't we disable part of the hierarchy-trinity to resolve the conflict, and assuage PCR7???

The TPM-preparation program is contradicting itself, as if it had a deep-seated revulsion that was difficult to overcome.
But with "Storage Hierarchy" DISabled, "Prepare the TPM" is no longer grayed out, and "prepare" can proceed, but with little effect.
In other words, everything is going through the motions, but nothing is done.
But PCR-7 is still impossible, which was the whole point of this little exercise.
BitLocker determined that the TCG log is invalid for use of Secure Boot. 
Why, is it pregnant, PMS, Menopause, *what*???
Cancer.
Gotta be.



"make sure it's uefi, make sure it's GPT, uh..............................................................................................................................................................................................................." (dead thread)


Don't care, don't have to.
begone to the outer darkness where others beg
to be bound (but who are not dressed correctly)
The above was unrelated (unless you count the attitude) but Google lumps a very few hopeless responses as answers.
The Microsoft Penguin-lady, the guy with no TPM and no problems "Be at peace"
and a few others not worth mentioning.

At this point I wonder if TPMs are not all equal.
Or if some are lacking something.
If something *should* work but *doesn't*, all the generic platitudes on earth could not make them work any better.
OK I've already read about the guy who experienced this, went out and bought a TPM for a great price, But got nothing for his trouble.
Still, what else is left?

Plus, there's a special file with a very long list of trusted TPM's available from Microsoft.
You can either import stuff piecemeal or gobble up the entire file using a script.
The script won't run (different blog) but you can make it run anyway, after a warning.
Does this file help?

No.

This pointless display should impress at parties but does little else except prove you've been to the swamp and returned.
It's saying, "Interactive users" is wrong, it should be "Authenticated Users," and it is, so
NVM.


Maybe you're getting the point, there are zilllllllllllions of pages with stuff just like this, and ONE of them says *exactly* what to type to get PCR7 going.
Thought I saw it, but it must have been a mirage.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)