From: Michael Gorven
To: The development of GRUB 2 <grub-devel@gnu.org>
Date: Thu, 20 Aug 2009 10:33:13 +0200
Subject: Re: TPM support status ?
References: <4A8BDB5B.5000407@labri.fr> <200908201008.01687.michael@gorven.za.net>
Message-Id: <200908201033.21202.michael@gorven.za.net>

On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
> 2009/8/20 Michael Gorven:
> > On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
> >> 2009/8/20 Michael Gorven:
> >> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
> >> >> 2009/8/20 Michael Gorven:
> >> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
> >> >> >> Tell me one technical benefit of TPM over coreboot.
> >> >> >
> >> >> > Coreboot doesn't provide protected storage of secrets (e.g.
> >> >> > hard drive decryption keys).
> >> >>
> >> >> TPM does not either at the time the BIOS is loaded. Remember, it's
> >> >> the CPU that's running the BIOS, not the TPM chip.
> >> >>
> >> >> Only after the BIOS enables the TPM, or coreboot enables any crypto
> >> >> device you choose, do you get any secrets or keys.
> >> >
> >> > So? It's still protected storage. You can read a BIOS chip, but you
> >> > can't just read the contents of a TPM chip.
> >>
> >> You can use decent crypto storage rather than half-broken TPM. There
> >> is no advantage to using it.
> >
> > Like what?
>
> There is hardware for secure key storage which you can put into some
> card slot or USB, and unlike TPM you can also remove it and store it
> separately from the computer, which greatly decreases the chance that
> your data would be compromised if your computer is stolen.

But that doesn't protect the machine (and crypto card) from being physically
compromised, so it's not the same as TPM.

-- 
http://michael.gorven.za.net
PGP Key ID 1E016BE8 S/MIME Key ID AAF09E0E
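The point the two participants are circling is how a TPM's "protected storage" actually behaves: the chip releases nothing at reset, each boot stage measures the next into a PCR, and a secret sealed to a set of PCR values is only released when the running boot chain reproduces exactly those values. The following toy model, an added example that is not code from the GRUB project or from anyone in this thread, shows that behaviour in pure Python. The boot-stage contents, the single PCR, the HMAC-based seal, the `ToyTPM` class and the sample disk key are all constructed for the demonstration; a real TPM 1.2 wraps the blob under its storage root key and enforces the PCR policy in hardware, not in Python.

```python
"""Toy model of TPM measured boot and sealed storage (SHA-1 PCRs, as in TPM 1.2).

Added example, not GRUB code: a secret sealed to a PCR value is released
only when the running boot chain measures to that same value, so a
modified BIOS/coreboot image or bootloader makes the unseal fail.
Everything below (stage images, PCR layout, the HMAC "seal", the secret)
is constructed for illustration and is an assumption of this example.
"""
import hashlib
import hmac
import os
from typing import Optional, Sequence, Tuple

PCR_SIZE = 20  # TPM 1.2 PCRs are SHA-1 digests
TAG_SIZE = 32  # HMAC-SHA256 tag appended to the toy sealed blob


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR <- SHA1(PCR || SHA1(measurement)). One-way and order-sensitive."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measure_boot_chain(stages: Sequence[bytes]) -> bytes:
    """Measure each stage (BIOS/coreboot, bootloader, kernel, ...) in order into
    one PCR that starts at all zeros on reset."""
    pcr = bytes(PCR_SIZE)
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr


class ToyTPM:
    """Sealed storage: a blob opens only with the PCR value it was sealed to."""

    def __init__(self) -> None:
        # Stands in for key material that never leaves the chip (the SRK in TPM 1.2).
        self._root_key = os.urandom(32)

    def _policy_key(self, pcr: bytes) -> bytes:
        # Deriving the key from the PCR is what makes a changed chain fail to unseal.
        return hmac.new(self._root_key, b"seal-policy" + pcr, hashlib.sha256).digest()

    def _keystream(self, key: bytes, length: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        """Encrypt-then-MAC the secret under a key bound to expected_pcr."""
        key = self._policy_key(expected_pcr)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(key, len(secret))))
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        return ct + tag

    def unseal(self, blob: bytes, current_pcr: bytes) -> Optional[bytes]:
        """Return the secret if current_pcr matches the sealing policy, else None."""
        key = self._policy_key(current_pcr)
        ct, tag = blob[:-TAG_SIZE], blob[-TAG_SIZE:]
        if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
            return None  # PCR mismatch: the chip refuses to release the secret
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, len(ct))))


# Constructed boot chains for the demonstration (not real firmware images).
GOOD_CHAIN = [b"bios-or-coreboot v1", b"grub2 core.img", b"vmlinuz"]
TAMPERED_CHAIN = [b"bios-or-coreboot v1 (patched)", b"grub2 core.img", b"vmlinuz"]
DISK_KEY = b"constructed-32-byte-disk-key-xxx"  # stand-in for a hard drive decryption key


def demo() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Seal the disk key to the good chain, then unseal from both chains."""
    tpm = ToyTPM()
    good_pcr = measure_boot_chain(GOOD_CHAIN)
    blob = tpm.seal(DISK_KEY, good_pcr)
    return (tpm.unseal(blob, good_pcr),
            tpm.unseal(blob, measure_boot_chain(TAMPERED_CHAIN)))


if __name__ == "__main__":
    ok, tampered = demo()
    print("good chain unseals key:", ok == DISK_KEY)
    print("tampered chain unseals key:", tampered is not None)
```

Note what the model does and does not capture: the secret is unavailable to the BIOS when it starts (the PCR is still zero and nothing has been sealed to that value), it becomes available only to a chain that measures identically, and a removable token provides none of this binding to the platform's boot path, which is the distinction the reply above is drawing. It does not model physical attacks on the chip or the bus, which are outside what sealing defends against.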