From: Jan Alsenz <janalsenz@student.ethz.ch>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: A _good_ and valid use for TPM
Date: Sat, 21 Feb 2009 16:00:30 +0100 [thread overview]
Message-ID: <49A0170E.9040908@student.ethz.ch> (raw)
In-Reply-To: <20090221143440.GA16682@thorin>
[-- Attachment #1: Type: text/plain, Size: 1808 bytes --]
Robert Millan wrote:
> On Sat, Feb 21, 2009 at 03:20:39PM +0100, Jan Alsenz wrote:
>>> "remote attestation" is only useful when you want to coerce others into
>>> running your (generaly proprietary) software. I hope this is not what you
>>> want to do.
>> Yes, this is exactly what he tries do to: convince his keyserver, that the
>> requesting server runs, what it's supposed to.
>>
>> Which is exactly remote attestation, just in this case he controls both sides,
>> which I think makes it an interesting use of the technology.
>
> That would be like trying to rob yourself by threatening yourself with a gun,
> instead of simply drawing money from your wallet.
Sorry, I don't get that analogy...
> If you just want to ensure noone is tampering your box, simply make your box
> tamper-proof. You don't need a protocol to allow third parties to check
> anything.
Ok, but if you have such a protocol, only use it for yourself and do trust the
manufacturer, you only have to secure one of your boxes instead of them all,
which is usually much easier.
>>> This is unnecessary. Once GRUB supports crypto, it can simply load
>>> itself from an encrypted filesystem on disk. An image can be of
>>> arbitrary size.
>> Ok, but where does it get the key from?
>
> The public key (or just a hash) can be embedded in GRUB itself. In the
> instance of GRUB that goes to the flash chip, that is.
>
>> And how can wherever the key comes from be sure that it's talking to GRUB?
>
> Because you put it there, and made sure noone can overwrite it afterwards.
Making sure, that noone can override it, can be awfully difficult, especially
under a physical attacker. A hardware that is at least a bit designed to
withstand such an attack can help a lot.
Greets,
Jan
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
next prev parent reply other threads:[~2009-02-21 15:02 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-19 17:43 A _good_ and valid use for TPM Alex Besogonov
2009-02-19 19:30 ` phcoder
2009-02-19 21:00 ` Alex Besogonov
2009-02-20 0:29 ` Jan Alsenz
2009-02-20 1:03 ` Alex Besogonov
2009-02-20 7:47 ` Jan Alsenz
2009-02-22 1:14 ` Alex Besogonov
2009-02-27 19:59 ` Robert Millan
2009-02-21 13:46 ` Robert Millan
2009-02-21 14:20 ` Jan Alsenz
2009-02-21 14:34 ` Robert Millan
2009-02-21 15:00 ` Jan Alsenz [this message]
2009-02-21 20:08 ` Robert Millan
2009-02-22 1:21 ` Alex Besogonov
2009-02-22 9:44 ` phcoder
2009-02-22 14:49 ` Michal Suchanek
2009-02-22 15:33 ` phcoder
2009-02-23 2:34 ` step21
2009-02-23 13:35 ` Michal Suchanek
2009-02-27 20:07 ` Robert Millan
2009-02-27 20:03 ` Robert Millan
2009-02-21 16:29 ` Alex Besogonov
2009-02-21 17:03 ` phcoder
2009-02-21 20:23 ` Robert Millan
2009-02-21 20:21 ` Robert Millan
2009-02-22 1:26 ` Alex Besogonov
2009-02-27 20:13 ` Robert Millan
2009-02-20 7:45 ` Michael Gorven
2009-02-20 11:27 ` phcoder
2009-02-20 12:12 ` Michael Gorven
2009-02-20 17:31 ` Jan Alsenz
2009-02-20 18:35 ` Vesa Jääskeläinen
2009-02-20 19:35 ` Jan Alsenz
2009-02-21 13:59 ` Robert Millan
2009-02-21 13:51 ` Robert Millan
2009-02-21 15:29 ` Michael Gorven
2009-02-21 20:31 ` Robert Millan
2009-02-21 20:43 ` Michael Gorven
2009-02-21 21:04 ` Robert Millan
2009-02-21 21:17 ` Jan Alsenz
2009-02-21 21:27 ` phcoder
2009-02-21 21:32 ` Robert Millan
2009-02-21 21:57 ` Jan Alsenz
2009-02-21 23:19 ` Robert Millan
2009-02-21 21:04 ` Jan Alsenz
2009-02-21 21:27 ` Robert Millan
2009-02-22 2:10 ` Isaac Dupree
2009-02-27 20:28 ` Robert Millan
2009-02-21 16:48 ` Alex Besogonov
2009-02-21 20:39 ` Robert Millan
2009-02-22 1:02 ` Alex Besogonov
2009-02-27 20:33 ` Robert Millan
2009-02-21 16:58 ` Alex Besogonov
2009-02-21 17:08 ` phcoder
2009-02-21 20:43 ` Robert Millan
2009-02-21 13:31 ` Robert Millan
-- strict thread matches above, loose matches on Subject: below --
2009-02-21 2:27 Alex Besogonov
2009-02-18 14:10 Alex Besogonov
2009-02-18 14:52 ` Isaac Dupree
2009-02-18 15:10 ` Alex Besogonov
2009-02-18 22:03 ` Isaac Dupree
2009-02-19 9:46 ` Alex Besogonov
2009-02-18 9:10 Alex Besogonov
2009-02-18 12:16 ` phcoder
[not found] ` <499C7809.6030203@student.ethz.ch>
2009-02-19 10:21 ` Alex Besogonov
2009-02-19 15:05 ` phcoder
2009-02-19 15:38 ` Colin D Bennett
2009-02-19 16:29 ` phcoder
2009-02-21 13:38 ` Robert Millan
2009-02-21 13:43 ` phcoder
2009-02-21 14:00 ` Jan Alsenz
2009-02-19 15:44 ` Michal Suchanek
2009-02-19 16:02 ` phcoder
2009-02-21 13:22 ` Robert Millan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49A0170E.9040908@student.ethz.ch \
--to=janalsenz@student.ethz.ch \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.