From: Robert Millan
To: The development of GRUB 2 <grub-devel@gnu.org>
Date: Thu, 31 May 2007 16:01:46 +0200
Subject: Re: TPM chip and Grub bootloader
Message-ID: <20070531140146.GA17253@aragorn>
References: <10779735.post@talk.nabble.com> <20070524160348.GA13048@aragorn> <20070525151103.GA12477@wolff.to> <20070530131841.GB4771@aragorn>
Organization: free as in freedom
User-Agent: Mutt/1.5.13 (2006-08-11)

On Thu, May 31, 2007 at 12:45:10PM +0200, Patrick Georgi wrote:
> As far as I know, this mechanism doesn't prevent you from creating
> another root. (or just deleting the old one)

No, but it establishes a practice that it is ok to use someone else's root. When everyone starts doing this (and they WILL do this, since someone else will take the decision for them), that practice will become standard; then I am being labeled as "not clear" by omission if I insist on using my own root instead of someone else's.

An example: if a website requires that you must use Internet Explorer to view it, and uses a TPM scheme to get clients to prove they're using IE, there's nothing I can do to visit this website other than using IE. Before Treacherous Computing, such a lockdown was impossible to accomplish.

I don't deny that this technology could be oriented towards legitimate uses, becoming Trusted Computing rather than Treacherous. But this may only come when everyone stops the pretension that a TPM system that can be used with someone else's root and doesn't provide any backdoor for the owner with physical access is indeed agnostic about good and evil. We'll see that when they start selling preconfigured TPMs where root belongs to a malicious 3rd party (if they aren't doing that already).

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com. Note: this address is only intended for spam harvesters. Writing to it will get you added to my black list.