From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 31 May 2007 01:28:59 +0200
From: Stefan Reinauer
To: The development of GRUB 2
Subject: Re: TPM chip and Grub bootloader
Message-ID: <20070530232859.GB24702@coresystems.de>
References: <10779735.post@talk.nabble.com> <20070524160348.GA13048@aragorn> <20070525151103.GA12477@wolff.to> <20070530131841.GB4771@aragorn>
In-Reply-To: <20070530131841.GB4771@aragorn>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.13 (2006-08-11)

* Robert Millan [070530 15:18]:
> IOW, no matter who the keys belong to, the problem is there's a component in
> the hardware I paid for that is hostile to me, which contains keys that I
> cannot retrieve (good, because of security), and refuses to use the keys on
> anything I want it to (bad, because it's inherently an abusive tool).

You do not need a TPM-based system. Today's BIOSes prohibit flashing anything not signed by the vendor, using SMI and hardware lockdown mechanisms. You are locked out already, even though you might not care or know yet.

Stefan

-- 
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info@coresystems.de • http://www.coresystems.de/