From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1Las8o-0004ki-Qc
	for mharc-grub-devel@gnu.org; Sat, 21 Feb 2009 08:43:38 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Las8k-0004jL-Ad
	for grub-devel@gnu.org; Sat, 21 Feb 2009 08:43:34 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Las8i-0004j9-5m
	for grub-devel@gnu.org; Sat, 21 Feb 2009 08:43:33 -0500
Received: from [199.232.76.173] (port=56031 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Las8h-0004j6-Fn
	for grub-devel@gnu.org; Sat, 21 Feb 2009 08:43:31 -0500
Received: from fg-out-1718.google.com ([72.14.220.157]:11217)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <phcoder@gmail.com>) id 1Las8h-0006D7-0K
	for grub-devel@gnu.org; Sat, 21 Feb 2009 08:43:31 -0500
Received: by fg-out-1718.google.com with SMTP id l27so1650487fgb.30
	for <grub-devel@gnu.org>; Sat, 21 Feb 2009 05:43:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from
	:user-agent:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding;
	bh=sbkv0eHH+3v/F7K+Exq79Rydjl20EexL/Xbz8x/jIt0=;
	b=qqk52/hvq3VMjbXmmwgRhbxHw45iE1WrVi/yaC9jWZhNBkjhV1Pbxla8mEWmnBiU6/
	MzDkDih+uPgwhJsNh8hA7VXUjzeUihaRCUvlujMHF4GrhBEzIaahgB+U6J8SvhukS1ss
	XN8xL4+OG+cgbjqK63p6Ov6Kz3ERsk5h7W8J4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:subject:references
	:in-reply-to:content-type:content-transfer-encoding;
	b=pyCj/b4ymjV8m51GGEnL/DnTc/tkKPRCfkH4zX9Iof6I4ipram9d4Y/LWFvfq1Wpgw
	NXmmSmNE7F02vzEPe9+LQ3Xzlic0pqBBValAkEqXg6UeZ1TiXAFJxJ5Cv6m7/EYfS3v6
	5JvkXUG0rNM1864zUoAQ3q+CiImyJNcrhzzsQ=
Received: by 10.86.92.4 with SMTP id p4mr1695193fgb.36.1235223810223;
	Sat, 21 Feb 2009 05:43:30 -0800 (PST)
Received: from ?192.168.1.25? (166-90.62-81.cust.bluewin.ch [81.62.90.166])
	by mx.google.com with ESMTPS id e20sm9987733fga.56.2009.02.21.05.43.29
	(version=SSLv3 cipher=RC4-MD5); Sat, 21 Feb 2009 05:43:29 -0800 (PST)
Message-ID: <49A00501.30108@gmail.com>
Date: Sat, 21 Feb 2009 14:43:29 +0100
From: phcoder <phcoder@gmail.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: The development of GRUB 2 <grub-devel@gnu.org>
References: <f9ca530f0902180110x3e8a0983l62947441d7129231@mail.gmail.com>	<499C7809.6030203@student.ethz.ch>	<f9ca530f0902190221u6bd5eb8bm4ace59f7c531249c@mail.gmail.com>	<499D7526.70907@gmail.com>
	<20090219073836.2d532392@gibibit.com>
	<20090221133852.GI16068@thorin>
In-Reply-To: <20090221133852.GI16068@thorin>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2)
Subject: Re: A _good_ and valid use for TPM
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2 <grub-devel@gnu.org>
List-Id: The development of GRUB 2 <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Feb 2009 13:43:35 -0000

And in this scenario the encryption key would also be in flash. Since 
you can't boot unchecked software and normal linux security wouldn't 
allow you to read flash unless you have the root password you can't 
recover the key
Regards
Vladimir 'phcoder' Serbinenko
Robert Millan wrote:
> On Thu, Feb 19, 2009 at 07:38:36AM -0800, Colin D Bennett wrote:
>> While TPM may open a door for corporations to prevent machine owners
>> from having control over their machines, in this instance I do not see
>> another way to solve Alex's problem.
> 
> There's an easy way out of this.  Simply verify data integrity from the
> flash chip, and make sure nobody can write to the flash chip.
> 
> You can archieve the first by e.g. installing coreboot/GRUB there and
> add some crypto support to it.
> 
> You can archieve the second by cutting the WE wire, or by dumping lots of
> concrete over your board.  Yes, this is a gazillon times more secure than
> a TPM.  TPMs are vulnerable to reverse engineering.
> 
>> The evil part of TPM seems to be when a person buys a computer but the
>> computer is locked down with a key not provided to the buyer.
> 
> Precisely.  If it came with a key that is known to the buyer (e.g. printed
> on paper), or with an override mechanism that is only accessible to its
> legitimate buyer, there would be no problem with it.
> 
> But AFAICT there are no TPMs that do this.  It probably even violates the
> spec.
>