3

In the previous post Physically secure the system case it is recommended to physically protect the system. But in case stolen laptops where intruder have physical access to TPMs. What are the security risk involved if we lost TPM or others can access to reset BIOS apart from datalost?

saber tabatabaee yazdi
  • 1,048
  • 5
  • 16
  • 27

1 Answers1

5

A well designed TPM should be pretty resilient to tampering, but a truly determined attacker could try doing something like dissolving the casing and reading information directly off the chip. It's a pain staking and highly technical process, so probably isn't a likely case in most situations, but if the value of the material is known to be high enough, it could potentially be a risk. (Though success is not guaranteed and they only really get one shot at it.)

BIOS itself is pretty much a joke to reset in most cases, but would typically result in a wipe of the TPM if so equipped. It certainly isn't a desirable case to have hardware lost, but the main reason to protect a physical system is to protect data in use rather than data at rest. If for example, you lost a computer and then it was found, it would be wise not to trust the hardware or unlock it until you had a chance to verify it wasn't tampered with. Physical alterations could easily pull out the keys when the device is next unlocked.

AJ Henderson
  • 41,896
  • 5
  • 63
  • 110