From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Ld95m-00048o-GS for mharc-grub-devel@gnu.org; Fri, 27 Feb 2009 15:13:54 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Ld95k-000457-6Q for grub-devel@gnu.org; Fri, 27 Feb 2009 15:13:52 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Ld95f-00040c-VH for grub-devel@gnu.org; Fri, 27 Feb 2009 15:13:50 -0500 Received: from [199.232.76.173] (port=53927 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Ld95f-000406-EG for grub-devel@gnu.org; Fri, 27 Feb 2009 15:13:47 -0500 Received: from aybabtu.com ([69.60.117.155]:35044) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Ld95f-0001D7-2D for grub-devel@gnu.org; Fri, 27 Feb 2009 15:13:47 -0500 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1Ld8yX-0006Wu-ED for grub-devel@gnu.org; Fri, 27 Feb 2009 21:06:26 +0100 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1Ld8vS-0008GG-CB for grub-devel@gnu.org; Fri, 27 Feb 2009 21:03:14 +0100 Date: Fri, 27 Feb 2009 21:03:14 +0100 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090227200314.GD31629@thorin> References: <499DB343.9020301@gmail.com> <499DF97E.1080800@student.ethz.ch> <20090221134607.GJ16068@thorin> <49A00DB7.2080003@student.ethz.ch> <20090221143440.GA16682@thorin> <49A0170E.9040908@student.ethz.ch> <20090221200844.GC18492@thorin> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Re: A _good_ and valid use for TPM X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2009 20:13:52 -0000 On Sun, Feb 22, 2009 at 03:21:21AM +0200, Alex Besogonov wrote: > Robert Millan wrote: >>> Making sure, that noone can override it, can be awfully difficult, especially >>> under a physical attacker. A hardware that is at least a bit designed to >>> withstand such an attack can help a lot. >> I'm not sure why is physical security so awfully difficult for you (can't you >> use locks, tamper-proof seals, cameras and alarms?), but most people who're in >> the bussiness of protecting physical goods manage to sort it out. > My devices will be installed at clients' locations. It's impossible to > guarantee that all devices will be physically secure. > > If you live in the USA then one day such device might contain your > private data. Would you like it to be stolen? My private data is safely stored. The stuff Google reads from my Gmail account is *not* private data. If you send your private stuff elsewhere and trust noone can read it because a small chip that's not even under your control told you so, you're being naive... > Reverse engineering the TPM chip is very costly. And I'm not going to > try to protect data from NSA or CIA or another three-letter agency. ...but thankfully, not as much as I thought. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."