From: Michael Gorven
To: The development of GRUB 2
Date: Fri, 20 Feb 2009 14:12:01 +0200
Subject: Re: A _good_ and valid use for TPM

On Friday 20 February 2009 13:27:28 phcoder wrote:
> Free software is about freedom of choice. I think we should have
> possibility to have multiple authentication and key sources. Then one
> could e.g. not save password as md5 somewhere in configfile or embedded
> in module but check that this password opens luks. Or that it's a
> password of somebody in wheel group basing on /etc/passwd, /etc/shadow
> and /etc/group. In this case tpm-keyretrieve module may be developed
> outside of main trunk and if someone wants it he can download it

Yes, I agree that there should be multiple methods, but I don't see why the
TPM module shouldn't be in the main trunk. It wouldn't be forced on GRUB
users in any way -- we would just be giving them the option to use it. They
would have to explicitly enable and set it up. As Jan said, the TPM is a
passive device which can be used in any way we wish, and I don't see why
using some of its features to create a more secure system is wrong.

Regards
Michael

-- 
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID AAF09E0E