From: Michael Gorven
To: grub-devel@gnu.org
Cc: Alex Besogonov
Date: Fri, 20 Feb 2009 09:45:28 +0200
Subject: Re: A _good_ and valid use for TPM
Message-Id: <200902200945.51426.michael@gorven.za.net>
In-Reply-To: <499DF97E.1080800@student.ethz.ch>

On Friday 20 February 2009 02:29:50 Jan Alsenz wrote:
> So in the end (after boot) you have a bunch of PCR values that represent
> all the code and data that was used to boot the system. If you have this
> and are sure that the current configuration is correct, you have a
> reference value of the expected system state, which you can use for the
> following:
> - seal a key:
> You can create a key with the TPM and "bind" it to specific values of the
> PCRs, so it only en/decrypts with it if these values match.
> You can encrypt any kind of data with this, but the only useful thing for
> boot is to encrypt a cryptographic key needed to further start the system.

Last year I implemented support for encrypted partitions in GRUB2 [1], which
means that it can load kernels and ramdisks off encrypted partitions. TPM
support in GRUB2 would allow the key to be stored in the TPM and only
provided to GRUB once the system has checked that GRUB hasn't been tampered
with.

TPM can be used for good or for bad, but this is the case for everything
involving cryptography. We don't refuse to use encryption algorithms because
they could be used for DRM, so why should we refuse to use TPM? TPM has the
potential to make Linux even more secure.

Regards
Michael

[1] My work is yet to be merged into GRUB2.

-- 
http://michael.gorven.za.net
PGP Key ID 6612FE85 S/MIME Key ID AAF09E0E
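Added example (not part of the message above and not GRUB code): a small Python simulation of the measured-boot and PCR-sealing mechanism the thread describes. It models TPM_Extend as SHA-1(PCR_old || SHA-1(data)), seals a disk key to a set of PCRs after a known-good boot, and shows that the key is released on an identical boot but refused when a GRUB stage is modified or the stages are measured in a different order. The SimTPM class, the PCR assignments (0, 4, 8) and the byte strings standing in for firmware, boot.img, core.img and grub.cfg are assumptions made for this example; the sealing format is a simulation of the command semantics, not the TPM wire format.

```python
import hashlib
import hmac
import os

PCR_LEN = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def extend_pcr(pcr: bytes, data: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || SHA-1(data)).
    The old value is folded in, so a PCR can only reach a given value by
    extending the same measurements in the same order; it cannot be set directly."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


class SimTPM:
    """Software stand-in for a TPM (assumption for this example): PCR bank plus a
    storage root key (SRK) that never leaves the 'chip'."""

    def __init__(self) -> None:
        self._srk = os.urandom(32)
        self.reset()

    def reset(self) -> None:
        """Power cycle: PCRs return to zero, the SRK persists."""
        self.pcrs = {i: bytes(PCR_LEN) for i in range(24)}

    def extend(self, index: int, data: bytes) -> bytes:
        self.pcrs[index] = extend_pcr(self.pcrs[index], data)
        return self.pcrs[index]

    def _composite(self, indices) -> bytes:
        """Digest over the selected PCRs in index order; this is what a sealed blob is bound to."""
        h = hashlib.sha256()
        for i in sorted(indices):
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def _keystream(self, nonce: bytes, composite: bytes, n: int) -> bytes:
        out, ctr = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self._srk + nonce + composite + ctr.to_bytes(4, "big")).digest()
            ctr += 1
        return out[:n]

    def seal(self, secret: bytes, indices) -> dict:
        """Encrypt `secret` under the SRK and bind it to the current values of `indices`."""
        indices = tuple(sorted(indices))
        composite = self._composite(indices)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce, composite, len(secret))))
        tag = hmac.new(self._srk, bytes(indices) + composite + nonce + ct, hashlib.sha256).digest()
        return {"pcrs": indices, "composite": composite, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        """Release the secret only if the blob is genuine and the selected PCRs
        currently equal the values recorded at seal time."""
        msg = bytes(blob["pcrs"]) + blob["composite"] + blob["nonce"] + blob["ct"]
        if not hmac.compare_digest(hmac.new(self._srk, msg, hashlib.sha256).digest(), blob["tag"]):
            raise ValueError("blob was not sealed by this TPM or has been modified")
        current = self._composite(blob["pcrs"])
        if not hmac.compare_digest(current, blob["composite"]):
            raise PermissionError("PCR mismatch: boot chain differs from the sealed state")
        return bytes(a ^ b for a, b in zip(blob["ct"], self._keystream(blob["nonce"], current, len(blob["ct"]))))


# Constructed stand-ins for the measured stages: (PCR index, stage image bytes).
# Each real stage measures the next one into a PCR before handing control to it.
GOOD_BOOT_CHAIN = [
    (0, b"firmware image v1"),
    (4, b"boot.img (MBR code)"),
    (4, b"core.img (GRUB core)"),
    (8, b"grub.cfg"),
]


def measured_boot(tpm: SimTPM, chain) -> dict:
    """Extend each stage into its PCR and return the resulting PCR values."""
    for index, image in chain:
        tpm.extend(index, image)
    return {i: tpm.pcrs[i] for i in sorted({i for i, _ in chain})}


def demo() -> dict:
    disk_key = os.urandom(32)  # key GRUB would need to open an encrypted partition
    tpm = SimTPM()
    measured_boot(tpm, GOOD_BOOT_CHAIN)          # provisioning boot, known-good state
    blob = tpm.seal(disk_key, (0, 4, 8))         # seal the key to PCRs 0, 4 and 8
    results = {}

    tpm.reset()                                  # identical later boot: key released
    measured_boot(tpm, GOOD_BOOT_CHAIN)
    results["good_boot"] = tpm.unseal(blob) == disk_key

    tampered = [(i, img.replace(b"core.img", b"evil-core.img")) for i, img in GOOD_BOOT_CHAIN]
    tpm.reset()                                  # modified GRUB core: PCR 4 differs
    measured_boot(tpm, tampered)
    try:
        tpm.unseal(blob)
        results["tampered_core"] = "released"
    except PermissionError:
        results["tampered_core"] = "refused"

    tpm.reset()                                  # same images, different order: also refused
    measured_boot(tpm, [GOOD_BOOT_CHAIN[0], GOOD_BOOT_CHAIN[2], GOOD_BOOT_CHAIN[1], GOOD_BOOT_CHAIN[3]])
    try:
        tpm.unseal(blob)
        results["reordered"] = "released"
    except PermissionError:
        results["reordered"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The refusal is what matters for the encrypted-/boot use case discussed above: the TPM decides whether to release the key, so an altered boot loader cannot simply read the key out and decrypt the partition itself. Note also the practical caveat the simulation makes visible: any legitimate change to a measured stage (a GRUB upgrade, an edited grub.cfg) changes the PCRs and requires the key to be resealed.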