From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 19 Feb 2009 07:38:36 -0800
From: Colin D Bennett
To: grub-devel@gnu.org
Subject: Re: A _good_ and valid use for TPM
Message-ID: <20090219073836.2d532392@gibibit.com>
In-Reply-To: <499D7526.70907@gmail.com>
References: <499C7809.6030203@student.ethz.ch> <499D7526.70907@gmail.com>
X-Mailer: Claws Mail 3.7.0 (GTK+ 2.14.7; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
List-Id: The development of GRUB 2
Reply-To: The development of GRUB 2

On Thu, 19 Feb 2009 16:05:10 +0100 phcoder wrote:
> Personally, if TPM support is merged into mainline grub2 I'll stop using
> it. However, what you request doesn't need TPM. Authenticity of modules,
> configuration files and so on can be verified by one of 4 methods:
> 1) internal signatures
> 2) file in signed gpg container
> 3) detached signatures
> 4) signed hash file

While TPM may open a door for corporations to prevent machine owners from
having control over their machines, in this instance I do not see another
way to solve Alex's problem. To restate the problem:

1. The disk must be encrypted.
2. The system must be able to boot without human interaction. That is, a
   user cannot be prompted for a passphrase or key.

The solution using TPM, as I understand it, essentially puts the encryption
key into tamper-resistant memory in the TPM module, and supports integrity
verification of the system, including the software on the hard disk, at
load time.

It sounds like any solution to problem points (1) and (2) would require
some sort of tamper-resistant module to store the key and handle the first
level of verification (to verify the initial code loaded from disk). From
that point on, the verified boot sector code can read the encryption key
and verify the next-higher level of software, and so on.

The evil part of TPM seems to be when a person buys a computer but the
computer is locked down with a key not provided to the buyer.

Regards,
Colin
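The mechanism Colin describes (key held by a tamper-resistant module and released only to a boot chain whose every stage measures as expected) is what TPM measured boot plus sealing provides. The following is an added illustration written for this archive page; it is not code from the thread, from GRUB, or from any TPM stack. It models a TPM PCR with the standard extend operation, PCR' = H(PCR || H(stage)), and replaces the real TPM sealing primitive with an HMAC-derived wrapping key as a stand-in (the TPM-internal secret, the disk key, and the boot stages are all constructed values). The point it makes beyond the prose: because each stage's hash is folded into the PCR in order, changing any stage, including a configuration file, or reordering stages changes the final PCR, so the unattended unseal fails and the disk key is never released.

```python
import hashlib
import hmac

# Constructed sample boot chain (name, bytes). Stand-ins, not real images.
STAGES = [
    ("boot_sector", b"stage1: constructed boot sector code"),
    ("core_img", b"stage2: constructed core image + modules"),
    ("grub_cfg", b"set default=0\nmenuentry 'Linux' { linux /vmlinuz }"),
    ("kernel", b"constructed kernel image bytes"),
]

PCR_INIT = b"\x00" * 32  # PCR reset value (SHA-256 bank)


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: PCR' = H(PCR || H(data)). One-way and order-dependent;
    a PCR cannot be set to a chosen value, only extended."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_chain(stages) -> bytes:
    """Each stage measures the next one before handing over control."""
    pcr = PCR_INIT
    for _, blob in stages:
        pcr = extend(pcr, blob)
    return pcr


def _kek(tpm_secret: bytes, pcr: bytes) -> bytes:
    # Stand-in for TPM sealing: a wrapping key that depends on a secret that
    # never leaves the chip and on the PCR value the policy requires.
    return hmac.new(tpm_secret, b"seal|" + pcr, hashlib.sha256).digest()


def seal(key: bytes, expected_pcr: bytes, tpm_secret: bytes) -> dict:
    """Wrap a 32-byte key so it can only be recovered with the same PCR value.
    The returned blob is what would live on disk next to the encrypted volume."""
    assert len(key) == 32
    kek = _kek(tpm_secret, expected_pcr)
    ct = bytes(a ^ b for a, b in zip(key, kek))
    tag = hmac.new(kek, ct, hashlib.sha256).digest()
    return {"ct": ct, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, tpm_secret: bytes):
    """Release the key only if the current PCR matches the sealing policy."""
    kek = _kek(tpm_secret, current_pcr)
    tag = hmac.new(kek, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # policy mismatch: the module refuses to release the key
    return bytes(a ^ b for a, b in zip(blob["ct"], kek))


def boot_and_unseal(stages, blob, tpm_secret):
    """Unattended boot: measure the chain, then ask the module for the key."""
    return unseal(blob, measure_chain(stages), tpm_secret)


def demo():
    # Constructed secrets; a real TPM secret is generated on-chip.
    tpm_secret = hashlib.sha256(b"constructed TPM-internal secret").digest()
    disk_key = hashlib.sha256(b"constructed disk master key").digest()

    blob = seal(disk_key, measure_chain(STAGES), tpm_secret)
    good = boot_and_unseal(STAGES, blob, tpm_secret) == disk_key

    # Tampering with the configuration file alone changes the measurement.
    tampered = [(n, b + b"\nset root=(hd1)" if n == "grub_cfg" else b)
                for n, b in STAGES]
    tamper_blocked = boot_and_unseal(tampered, blob, tpm_secret) is None

    # Same stages, different order: extend is order-dependent.
    reordered = [STAGES[1], STAGES[0]] + STAGES[2:]
    reorder_blocked = boot_and_unseal(reordered, blob, tpm_secret) is None

    # The blob on disk is not the key: stealing the disk alone yields nothing.
    key_not_on_disk = blob["ct"] != disk_key
    return good, tamper_blocked, reorder_blocked, key_not_on_disk


if __name__ == "__main__":
    print(demo())
```

The model also makes Colin's caveat concrete: whoever controls the sealing secret and the policy (here `tpm_secret` and the expected PCR) decides which software may ever obtain the key, so an owner without that control is locked out of their own disk by design, not by accident.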