From: Jan Alsenz
Date: Sat, 21 Feb 2009 15:20:39 +0100
To: The development of GRUB 2
Subject: Re: A _good_ and valid use for TPM

Robert Millan wrote:
> On Fri, Feb 20, 2009 at 03:03:04AM +0200, Alex Besogonov wrote:
>> On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz wrote:
>> [skip]
>>> The TPM can prove to another party that the PCRs have certain values (of
>>> course the communication needs to be established by normal software running on
>>> the machine)
>> Yes, I'm trying to do remote attestation.
>
> You're confusing things. I think you simply want to ensure data integrity, and
> the TPM doesn't even do that: it simply puts the problem in the hands of a third
> party.
>
> "remote attestation" is only useful when you want to coerce others into
> running your (generally proprietary) software. I hope this is not what you
> want to do.

Yes, this is exactly what he tries to do: convince his keyserver that the
requesting server runs what it's supposed to.
Which is exactly remote attestation, just in this case he controls both sides,
which I think makes it an interesting use of the technology.

>>>> First, I don't think it's possible to implement SHA-1 hashing in MBR -
>>>> there's probably just not enough space left in 512-byte code segment
>>>> for that.
>>> I am very sure of that.
>> Well, I spoke to phcoder on Jabber - there might be a way to do this.
>> He's going to investigate it.
>
> This is unnecessary. Once GRUB supports crypto, it can simply load
> itself from an encrypted filesystem on disk. An image can be of
> arbitrary size.

Ok, but where does it get the key from?
And how can wherever the key comes from be sure that it's talking to GRUB?

Greets,
Jan
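
The keyserver-side check that the closing questions point at, as an added example that is not part of the original message: a TPM 1.2 style PCR extend chain replayed over constructed boot stages, and a hypothetical `KeyServer` that hands out the key only for a fresh nonce and the expected PCR value. The stage contents, the key, the class and the `signature_ok` flag (standing in for verification of the TPM's quote signature) are assumptions, and a single PCR is used instead of a PCR composite.

```python
import hashlib
import hmac
import os

# Constructed boot stages; real measurements would be the actual image bytes.
GOOD_STAGES = [b"constructed MBR", b"constructed GRUB core", b"constructed grub.cfg"]


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure_chain(stages) -> bytes:
    """Replay a measured boot: hash each stage, extend it into one PCR."""
    pcr = bytes(20)  # a PCR is 20 zero bytes after platform reset
    for image in stages:
        pcr = extend(pcr, hashlib.sha1(image).digest())
    return pcr


class KeyServer:
    """Hypothetical keyserver: releases the key only for a fresh, expected quote."""

    def __init__(self, expected_pcr: bytes, disk_key: bytes):
        self.expected_pcr = expected_pcr
        self.disk_key = disk_key
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(20)  # binds the quote to this request
        self.outstanding.add(nonce)
        return nonce

    def release(self, quoted_pcr: bytes, nonce: bytes, signature_ok: bool):
        # signature_ok: TPM signature over (quoted_pcr, nonce) verified elsewhere (assumption).
        if not signature_ok or nonce not in self.outstanding:
            return None
        self.outstanding.discard(nonce)  # each nonce is accepted once
        if not hmac.compare_digest(quoted_pcr, self.expected_pcr):
            return None
        return self.disk_key


if __name__ == "__main__":
    server = KeyServer(measure_chain(GOOD_STAGES), b"constructed-key!")
    changed = [GOOD_STAGES[0], b"modified GRUB core", GOOD_STAGES[2]]
    for stages in (GOOD_STAGES, changed):
        print(server.release(measure_chain(stages), server.challenge(), True))
```

Because each extend hashes the previous PCR value, a change to any stage, or to the order of stages, yields a different final value that the requesting machine cannot rewrite back to the expected one.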