Date: Tue, 23 Oct 2007 22:17:13 +0200
From: Robert Millan
To: The development of GRUB 2
Message-ID: <20071023201713.GA29047@thorin>
In-Reply-To: <60954307-5783-43C8-9A67-1203319A2E9C@gmail.com>
Subject: Re: help installing grub-ima

On Tue, Oct 23, 2007 at 09:11:58AM -0500, Andrei E. Warkentin wrote:
> ...Because having the ability, to be certain you didn't have a
> hypervirus or a runtime-binary-patched kernel booted due to a hacked
> bootloader loading from something like a USB stick, is one step
> towards "treacherous computing", whatever that is.

If you had any of the situations described, you wouldn't be able to trust the
APIs you use to access the Treacherous Chip at all. The funny thing is that
third parties would [1], but not you.

[1] Well, assuming our hypervirus is not dumb, they would just see that your
    computer lacks a Treacherous Chip or is not using it, which is not very
    useful. But of course, this has an easy solution:

      - Premise: everyone who's not on TC is therefore running a hypervirus
      - Consequence: let the witch hunt begin! :-)

> I think the SELinux people might object to that. One of the biggest
> problems with security in Linux is that the Linux kernel is not and
> cannot be the core root of trust, as it is by far not the first thing
> running and is not located on unmodifiable medium.

How can you trust your BIOS if you can't even read its source code, let alone
verify it was built from it?

> Man, those write-once read-many system-measurement registers are just
> one step closer to losing the right to read, right?

It's obvious that with computers being general-purpose machines, they cannot
take away basic rights. TC is specifically designed [1] to take away these
rights and turn them into concessions.

[1] Yes, really. If you disagree, please explain why the Owner Override
    proposal (http://www.linuxjournal.com/article/7055) was rejected.

> Or maybe to
> actually be in control of your system from power-on to shell prompt?

Being in control is not the same as trusting someone else who claims to be.

-- 
Robert Millan

I know my rights; I want my phone call!
What use is a phone call, if you are unable to speak?
(as seen on /.)