From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LaydN-0000jJ-Rl for mharc-grub-devel@gnu.org; Sat, 21 Feb 2009 15:39:37 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LaydL-0000jE-IY for grub-devel@gnu.org; Sat, 21 Feb 2009 15:39:35 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LaydI-0000gu-A9 for grub-devel@gnu.org; Sat, 21 Feb 2009 15:39:33 -0500 Received: from [199.232.76.173] (port=39477 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LaydI-0000gg-27 for grub-devel@gnu.org; Sat, 21 Feb 2009 15:39:32 -0500 Received: from aybabtu.com ([69.60.117.155]:48486) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LaydH-0001PT-Mi for grub-devel@gnu.org; Sat, 21 Feb 2009 15:39:31 -0500 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1LayWk-0000EB-0L for grub-devel@gnu.org; Sat, 21 Feb 2009 21:32:46 +0100 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1LaydF-0004uH-0A for grub-devel@gnu.org; Sat, 21 Feb 2009 21:39:29 +0100 Date: Sat, 21 Feb 2009 21:39:28 +0100 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090221203928.GG18492@thorin> References: <499DF97E.1080800@student.ethz.ch> <200902200945.51426.michael@gorven.za.net> <20090221135142.GK16068@thorin> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Re: A _good_ and valid use for TPM X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Feb 2009 20:39:35 -0000 On Sat, Feb 21, 2009 at 06:48:50PM +0200, Alex Besogonov wrote: > On Sat, Feb 21, 2009 at 3:51 PM, Robert Millan wrote: > > I don't agree with this analogy. Unlike cryptography, TPMs have been designed > > from the ground up to serve an evil purpose. They *could* have designed > > them with good intent, for example either of these could apply: > > - Buyer gets a printed copy of the TPM's private key when they buy a board. > Private part of the endorsement key _never_ leaves the device (if > manufacturer uses the recommended TPM_CreateEndorsementKeyPair > method). Even device manufacturer doesn't know it. Even if that is true (which I doubt), it's merely incidental, because... > Public key is then > signed by manufacturer's certificate. This ensures that the private > key can't be compromised. ...this ensures that $evil_bob can challenge you to prove you're running his proprietary anti-user software. >Besides, you can _disable_ endorsement key > (TPM_DisablePubekRead) to protect your privacy. Of course. And if you're serious about privacy, you can even trash your computer or unplug it from the internet. The question is, will it be practical for you to do disable the TPM a few years from now? -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."