RE: TPM support with SATA drives

From: "Laurent Dufréchou" <laurent.dufrechou@gmail.com>
To: "'The development of GRUB 2'" <grub-devel@gnu.org>
Subject: RE: TPM support with SATA drives
Date: Fri, 18 Apr 2008 20:33:07 +0200	[thread overview]
Message-ID: <4808e96e.0405560a.5eff.2665@mx.google.com> (raw)
In-Reply-To: <1208542846.6642.30.camel@dukephillips.omgwallhack.org>

So, will grub2 will one day support TPM ? ;)

-----Message d'origine-----
De : grub-devel-bounces+laurent.dufrechou=gmail.com@gnu.org
[mailto:grub-devel-bounces+laurent.dufrechou=gmail.com@gnu.org] De la part
de Julian Blake Kongslie
Envoyé : vendredi 18 avril 2008 20:21
À : The development of GRUB 2
Objet : Re: TPM support with SATA drives

On Fri, 2008-04-18 at 13:22 +0200, Robert Millan wrote:
> Hi Laurent,
> 
> The problem with these TPM chips is that they have the hidden purpose of
> restricting you as user.  Despite that you paid for the hardware and are
its
> owner, the chip will never give you its master key.

Sorry, but this message is confusing me. Having the TPM in my machine
act as a cryptographic proxy on my behalf is the entire point of the
TPM: if the software stack has access to the SRK then attackers would
prefer to attack dead swap space or temp files rather than the TPM
itself.

> The idea behind this is that you can be coerced into accepting that
someone
> else can spy on your computer (they call it "remote attestation").  When
> enough users accept this form of blackmail, it will become impossible to
> resist to it in practice.

And this is the really confusing part. How can someone else spy on my
computer because of my TPM? I can *voluntarily* enter into a remote
attestation system, but to do that I would need to tell my peers the
public key I will be using to sign the attestations; if I was so
inclined, I could choose any key that I like for this purpose, and
instruct the software on my machine to get the unencrypted PCRs from my
TPM, modify their values as I saw fit, and sign that configuration
instead.

Even if the software that runs the remote attestation is honest (say,
because I'm running some Windows-based scheme that I can't easily
change), I can still elect to boot into Linux, authenticate to the TPM
with the owner password, and ask it to perform whatever operations I
want with whatever PCR configuration I want.

> For these reasons, I'd like to encourage you to consider the ethical
> implications of using and supporting this technology, and look for
> alternatives that would satisfy whatever needs you had in it (I'd welcome
> some discussion about that, to see how GRUB can help).

-- 
-Julian Blake Kongslie
<jblake@omgwallhack.org>

If this is a mailing list, please CC me on replies.
vim: set ft=text :

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel