From: Robert Millan <rmh@aybabtu.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 16:34:20 +0200
Message-ID: <20090819143420.GC4210@thorin>
In-Reply-To: <4A8BDB5B.5000407@labri.fr>

On Wed, Aug 19, 2009 at 01:00:43PM +0200, Emmanuel Fleury wrote:
> Dear all,
> 
> I know this is a quite sensitive topic and I'm really not willing to
> start a new flame-war about it. I just want to know the exact status of
> it and what is the (official) position of the GRUB team on the TPM support.
> 
> Last discussion about the TPM issue was in February (see:
> http://lists.gnu.org/archive/html/grub-devel/2009-02/msg00217.html) and
> it ended up with a kind of status quo.
> 
> I just propose to expose the consequences of TPM support for GRUB, first
> in a technical point of view and then on an ethical one. Then, I hope
> the GRUB team will write its official position on the TPM support.

Hi,

This is my official position on TPM support:

GRUB is part of the GNU project.  This means we follow the same ultimate
goal, that is, enabling all computer users to enjoy the freedoms they
should have when using computer programs in them.

"TPM" is a device that is part of the "Trusted Computing" initiative.  However,
referring to this as "Trusted" is misleading.  As owner of your computer, you
are *already* able to trust your computer.  The difference with "Trusted
Computing" is not on whether it's trusted, but on *who* can trust it:  Someone
else can trust your computer, at the expense that it won't always obey your
orders anymore.

Because of this, we avoid referring to it as "Trusted" and use "Treacherous"
instead.

As you can see, the purpose of TPMs is fundamentally incompatible with our
goal.  It would be foolish for us to support them.

From a technical perspective, a TPM is not so different from a similar device
that we would consider legitimate: one that doesn't prevent the owner from
obtaining the private key of his own chip, or at least from using it to sign
arbitrary data.  Unless a clearly distinct name was used, this would still
have the inconvenience that we would be promoting the malicious version if
we supported it, but since this theoretical device doesn't exist anyway, it's
pointless to argue about it.  TPMs as they exist today are not acceptable.

That said, remember that GRUB is free software, and you can modify it to
implement any feature (including malicious ones like viruses, spyware or
DRM), as long as you comply with the license requirements in the GPL.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."


