Date: Sat, 19 Apr 2008 13:34:01 +0200
From: Robert Millan
To: The development of GRUB 2
Subject: Re: TPM support with SATA drives

On Fri, Apr 18, 2008 at 11:20:46AM -0700, Julian Blake Kongslie wrote:
>
> Sorry, but this message is confusing me. Having the TPM in my machine
> act as a cryptographic proxy on my behalf is the entire point of the
> TPM:

It's part of the point, but there's more to it.  You can see evidence of
that in two facts:

  - The TPM has a master key that the owner never gets a copy of.  Not even
    if she requests it from the vendor.

  - The TPM refuses to sign things with its master key when it doesn't feel
    like it.  So if you want to use the TPM to emit a certificate that
    proves you're running Microsoft Windows, but you're not, the TPM will
    refuse to help you.

> if the software stack has access to the SRK then attackers would
> prefer to attack dead swap space or temp files rather than the TPM
> itself.

Of course.  But we're talking about the *owner* having control.  The software
stack is not the only way the owner can control her own hardware.  For example,
she could get a printed copy of the master key.  Or there could be a
jumper/button in the TPM that overrides the restrictions I explained above
(So-called "owner override", which was proposed and rejected because "it was
against the purpose of providing TPMs" -- draw conclusions from what that
means).

> > The idea behind this is that you can be coerced into accepting that someone
> > else can spy on your computer (they call it "remote attestation").  When
> > enough users accept this form of blackmail, it will become impossible to
> > resist it in practice.
>
> And this is the really confusing part. How can someone else spy on my
> computer because of my TPM?
> I can *voluntarily* enter into a remote
> attestation system, but to do that I would need to tell my peers the
> public key I will be using to sign the attestations; if I was so
> inclined, I could choose any key that I like for this purpose, and
> instruct the software on my machine to get the unencrypted PCRs from my
> TPM, modify their values as I saw fit, and sign that configuration
> instead.
>
> Even if the software that runs the remote attestation is honest (say,
> because I'm running some Windows-based scheme that I can't easily
> change), I can still elect to boot into Linux, authenticate to the TPM
> with the owner password, and ask it to perform whatever operations I
> want with whatever PCR configuration I want.

You think remote attestation is voluntary, but by its nature it cannot be made
voluntary.  Voluntary means I can refuse to participate without giving the
challenger any information about my system.  However, my refusal to participate
*IS* already information.

In fact, if you add to it another piece of information -- namely, the (future)
fact that everyone has a complete Treacherous stack --, what do you get?

Right!  You get the ability to distinguish who is running your CrapWare 2000[tm]
DRM program and who isn't.  Which means that in the future (unless computer
users reject it outright), DRM proponents will have a very powerful tool in
order to coerce everyone into using the anti-features they put in their programs
(which obviously nobody *wants* to have, that's why they have to make it so
confusing).

-- 
Robert Millan

I know my rights; I want my phone call!
What use is a phone call… if you are unable to speak?
(as seen on /.)
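
Added example, not part of the message above and not GRUB code: a toy Python model of the challenger's side of the remote attestation discussed in this thread, covering a TPM-signed quote, a quote for a different software stack, an edited PCR value signed with an owner-generated key, and no response at all. It assumes the challenger only accepts quotes that verify under a key it trusts as TPM-resident (the thread does not spell this out); the textbook-RSA keys, component names and nonce are constructed, and `make_key`, `boot_pcr`, `quote`, `verify` and `demo` are hypothetical names.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA from known Mersenne primes: a toy stand-in, not a secure key.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

TPM_KEY = make_key(2**521 - 1, 2**607 - 1)    # private half stays inside the "TPM"
OWNER_KEY = make_key(2**107 - 1, 2**127 - 1)  # key the owner generated in software

def extend(pcr, measurement):
    # PCR extend: new = SHA-1(old || SHA-1(measurement)); a real TPM never sets a PCR directly.
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def boot_pcr(components):
    pcr = bytes(20)  # PCRs start at all zeroes on reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def _digest(nonce, pcr, n):
    return int.from_bytes(hashlib.sha256(nonce + pcr).digest(), "big") % n

def quote(key, nonce, pcr):
    # Reported PCR value plus a signature over the challenger's nonce and that value.
    return pcr, pow(_digest(nonce, pcr, key["n"]), key["d"], key["n"])

def verify(response, nonce, trusted_n, trusted_e, expected_pcr):
    if response is None:
        return "refused"
    pcr, sig = response
    if pow(sig, trusted_e, trusted_n) != _digest(nonce, pcr, trusted_n):
        return "bad-signature"
    return "match" if pcr == expected_pcr else "different-software"

def demo():
    nonce = b"constructed-nonce"
    expected = boot_pcr([b"bootloader", b"approved-kernel"])
    other = boot_pcr([b"bootloader", b"other-kernel"])
    check = lambda r: verify(r, nonce, TPM_KEY["n"], TPM_KEY["e"], expected)
    return {
        "tpm quote, expected stack": check(quote(TPM_KEY, nonce, expected)),
        "tpm quote, other stack": check(quote(TPM_KEY, nonce, other)),
        "edited PCR, owner key": check(quote(OWNER_KEY, nonce, expected)),
        "no response": check(None),
    }

if __name__ == "__main__":
    print(demo())
```

In this model every verdict other than `match`, including `refused`, is visible to the challenger.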