From: Robert Millan <rmh@aybabtu.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: TPM support with SATA drives
Date: Tue, 6 May 2008 16:33:14 +0200
Message-ID: <20080506143314.GA23773@thorin>
In-Reply-To: <200804262258.14459.Chris.Knadle@coredump.us>
On Sat, Apr 26, 2008 at 10:58:14PM -0400, Chris Knadle wrote:
>
> I think you're right about TPM, Robert. :-/
>
> I recently acquired a laptop that came with a TPM chip; thankfully I was
> aware of what TPM was intended to be used for and had read warnings on the
> matter from privacy advocates. The laptop came with Vista preloaded, which
> asked a vague [and perhaps intentionally misleading] question, something
> along the lines of: "This device has a TPM chip which has not yet been
> activated, would you like to activate it now? It will help security if you
> do." [To which I answered NO.]
>
> And in the BIOS settings, sure enough there are some TPM feature settings
> that are very clearly not to the benefit of the user/owner:
>
> Security Reporting Options: (each below has enable/disable option)
> BIOS ROM String Reporting
> ESCD Reporting
> CMOS Reporting
> NVRAM Reporting
> SMBIOS Reporting
> Clear Security Chip (enable/disable)
> Note says: "It will not be possible to access already-encrypted data
> after these keys are cleared"
>
> I think it's pretty clear that the intent is to report the above
> information to the OS manufacturer rather than to the user or owner.
I'm not sure if this is what you found. Maybe it's too early, but it's
certainly something that I expect to see in the near future. When EFI
starts being deployed out there, new firmware implementations will have
the capability to spy on you all by themselves, since they can trap all
memory accesses and come with a networking stack they can use to call home.
Really scary...
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call… if you are unable to speak?
(as seen on /.)
Thread overview: 15+ messages
2008-04-18 9:06 TPM support with SATA drives Laurent Dufréchou
2008-04-18 11:22 ` Robert Millan
2008-04-18 18:20 ` Julian Blake Kongslie
2008-04-18 18:33 ` Laurent Dufréchou
2008-04-19 11:41 ` Robert Millan
2008-04-19 11:34 ` Robert Millan
2008-04-27 2:58 ` Chris Knadle
2008-05-06 14:33 ` Robert Millan [this message]
2008-04-18 11:27 ` Robert Millan
2008-04-18 12:07 ` Laurent Dufréchou
2008-04-18 12:23 ` Robert Millan
2008-04-18 12:08 ` Laurent Dufrechou
2008-04-18 12:08 ` Laurent Dufrechou
2008-04-18 12:33 ` Robert Millan
[not found] <1208675222.25233.32.camel@dukephillips.omgwallhack.org>
2008-04-20 9:58 ` Robert Millan