From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1JmvOq-0004Le-QD for mharc-grub-devel@gnu.org; Fri, 18 Apr 2008 14:33:28 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1JmvOp-0004LV-GX for grub-devel@gnu.org; Fri, 18 Apr 2008 14:33:27 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1JmvOn-0004LB-Dk for grub-devel@gnu.org; Fri, 18 Apr 2008 14:33:26 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JmvOn-0004L7-6O for grub-devel@gnu.org; Fri, 18 Apr 2008 14:33:25 -0400 Received: from fg-out-1718.google.com ([72.14.220.157]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1JmvOn-0004Ev-En for grub-devel@gnu.org; Fri, 18 Apr 2008 14:33:25 -0400 Received: by fg-out-1718.google.com with SMTP id d23so866297fga.30 for ; Fri, 18 Apr 2008 11:33:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:references:in-reply-to:subject:date:mime-version:content-type:content-transfer-encoding:x-mailer:thread-index:content-language:message-id; bh=u8HRYNZfQLjuvJxK3gjN2K6oyRCAVAuLo1k3Ujf41q0=; b=qw3RSsR7ptkn57DgWbvxKSkidhPx5T3XFI4Xdrijy7GFa61OoyGy8WSr6CIIK0trgBueHmQ05fqYQxo3eTlfHi4vFPDqEWZYL+GZ/49krRyASqoiqY/spXQb+UnapT+HO0NxUo9kb/edTuCd8z45aPGu4pdeb2fN0BUGFESEo0Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:references:in-reply-to:subject:date:mime-version:content-type:content-transfer-encoding:x-mailer:thread-index:content-language:message-id; b=FF+2kSWCgw5asvElA5goOeUiviAc9BjBsk3lZGkZlQyVei1gbILZx/JGFzNglqH+KMC6qHbSFE6AKLKWpi0IY4ALDdMKAXKPc7chl/qdhty5ZThegjJ3li+Y5HYXaAB/pOjPkCfyk5UqLYPpIZtduldIGRuFo60UnAquNBRZfJw= Received: by 10.86.80.5 with SMTP id d5mr77435fgb.20.1208543600215; Fri, 18 Apr 2008 11:33:20 -0700 (PDT) Received: from Pep ( [88.182.84.63]) by mx.google.com with ESMTPS id 4sm236039fge.3.2008.04.18.11.33.18 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 18 Apr 2008 11:33:18 -0700 (PDT) From: =?iso-8859-1?Q?Laurent_Dufr=E9chou?= To: "'The development of GRUB 2'" References: <48086495.1c365e0a.2f2f.107f@mx.google.com> <20080418112203.GB26239@thorin> <1208542846.6642.30.camel@dukephillips.omgwallhack.org> In-Reply-To: <1208542846.6642.30.camel@dukephillips.omgwallhack.org> Date: Fri, 18 Apr 2008 20:33:07 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcihgQBsLKPSImiERGKWnDGTYhHU8QAAZWIw Content-Language: fr Message-ID: <4808e96e.0405560a.5eff.2665@mx.google.com> X-detected-kernel: by monty-python.gnu.org: Linux 2.6 (newer, 2) Subject: RE: TPM support with SATA drives X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2008 18:33:27 -0000 So, will grub2 will one day support TPM ? ;) -----Message d'origine----- De=A0: grub-devel-bounces+laurent.dufrechou=3Dgmail.com@gnu.org [mailto:grub-devel-bounces+laurent.dufrechou=3Dgmail.com@gnu.org] De la = part de Julian Blake Kongslie Envoy=E9=A0: vendredi 18 avril 2008 20:21 =C0=A0: The development of GRUB 2 Objet=A0: Re: TPM support with SATA drives On Fri, 2008-04-18 at 13:22 +0200, Robert Millan wrote: > Hi Laurent, >=20 > The problem with these TPM chips is that they have the hidden purpose = of > restricting you as user. Despite that you paid for the hardware and = are its > owner, the chip will never give you its master key. Sorry, but this message is confusing me. Having the TPM in my machine act as a cryptographic proxy on my behalf is the entire point of the TPM: if the software stack has access to the SRK then attackers would prefer to attack dead swap space or temp files rather than the TPM itself. > The idea behind this is that you can be coerced into accepting that someone > else can spy on your computer (they call it "remote attestation"). = When > enough users accept this form of blackmail, it will become impossible = to > resist to it in practice. And this is the really confusing part. How can someone else spy on my computer because of my TPM? I can *voluntarily* enter into a remote attestation system, but to do that I would need to tell my peers the public key I will be using to sign the attestations; if I was so inclined, I could choose any key that I like for this purpose, and instruct the software on my machine to get the unencrypted PCRs from my TPM, modify their values as I saw fit, and sign that configuration instead. Even if the software that runs the remote attestation is honest (say, because I'm running some Windows-based scheme that I can't easily change), I can still elect to boot into Linux, authenticate to the TPM with the owner password, and ask it to perform whatever operations I want with whatever PCR configuration I want. > For these reasons, I'd like to encourage you to consider the ethical > implications of using and supporting this technology, and look for > alternatives that would satisfy whatever needs you had in it (I'd = welcome > some discussion about that, to see how GRUB can help). --=20 -Julian Blake Kongslie If this is a mailing list, please CC me on replies. vim: set ft=3Dtext : _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel