From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1LatMk-0005dn-OS
	for mharc-grub-devel@gnu.org; Sat, 21 Feb 2009 10:02:06 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LatMh-0005bD-QV
	for grub-devel@gnu.org; Sat, 21 Feb 2009 10:02:03 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LatMh-0005aN-6r
	for grub-devel@gnu.org; Sat, 21 Feb 2009 10:02:03 -0500
Received: from [199.232.76.173] (port=43098 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LatMh-0005aI-2S
	for grub-devel@gnu.org; Sat, 21 Feb 2009 10:02:03 -0500
Received: from xsmtp0.ethz.ch ([82.130.70.14]:32971)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <janalsenz@student.ethz.ch>) id 1LatMg-000731-Hi
	for grub-devel@gnu.org; Sat, 21 Feb 2009 10:02:02 -0500
Received: from xfe1.d.ethz.ch ([82.130.124.41]) by XSMTP0.ethz.ch with
	Microsoft SMTPSVC(6.0.3790.3959); Sat, 21 Feb 2009 16:02:00 +0100
Received: from [192.168.2.105] ([81.221.97.38]) by xfe1.d.ethz.ch over TLS
	secured channel with Microsoft SMTPSVC(6.0.3790.3959); 
	Sat, 21 Feb 2009 16:02:01 +0100
Message-ID: <49A0170E.9040908@student.ethz.ch>
Date: Sat, 21 Feb 2009 16:00:30 +0100
From: Jan Alsenz <janalsenz@student.ethz.ch>
User-Agent: Thunderbird 2.0.0.19 (X11/20090104)
MIME-Version: 1.0
To: The development of GRUB 2 <grub-devel@gnu.org>
References: <f9ca530f0902190943w37b6b6d1pb28d78748607a772@mail.gmail.com>	<499DB343.9020301@gmail.com>	<f9ca530f0902191300m8b742cahd691f038ffd7ff89@mail.gmail.com>	<499DF97E.1080800@student.ethz.ch>	<f9ca530f0902191703r48015c32h7d54cfac9b32cae3@mail.gmail.com>	<20090221134607.GJ16068@thorin>
	<49A00DB7.2080003@student.ethz.ch> <20090221143440.GA16682@thorin>
In-Reply-To: <20090221143440.GA16682@thorin>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig56C73BDB130C14D108099DB8"
X-OriginalArrivalTime: 21 Feb 2009 15:02:01.0242 (UTC)
	FILETIME=[597EA7A0:01C99435]
X-detected-operating-system: by monty-python.gnu.org: Windows 2000 SP4, XP SP1+
Subject: Re: A _good_ and valid use for TPM
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2 <grub-devel@gnu.org>
List-Id: The development of GRUB 2 <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Feb 2009 15:02:04 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig56C73BDB130C14D108099DB8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Robert Millan wrote:
> On Sat, Feb 21, 2009 at 03:20:39PM +0100, Jan Alsenz wrote:
>>> "remote attestation" is only useful when you want to coerce others in=
to
>>> running your (generaly proprietary) software.  I hope this is not wha=
t you
>>> want to do.
>> Yes, this is exactly what he tries do to: convince his keyserver, that=
 the
>> requesting server runs, what it's supposed to.
>>
>> Which is exactly remote attestation, just in this case he controls bot=
h sides,
>> which I think makes it an interesting use of the technology.
>=20
> That would be like trying to rob yourself by threatening yourself with =
a gun,
> instead of simply drawing money from your wallet.

Sorry, I don't get that analogy...

> If you just want to ensure noone is tampering your box, simply make you=
r box
> tamper-proof.  You don't need a protocol to allow third parties to chec=
k
> anything.

Ok, but if you have such a protocol, only use it for yourself and do trus=
t the
manufacturer, you only have to secure one of your boxes instead of them a=
ll,
which is usually much easier.

>>> This is unnecessary.  Once GRUB supports crypto, it can simply load
>>> itself from an encrypted filesystem on disk.  An image can be of
>>> arbitrary size.
>> Ok, but where does it get the key from?
>=20
> The public key (or just a hash) can be embedded in GRUB itself.  In the=

> instance of GRUB that goes to the flash chip, that is.
>=20
>> And how can wherever the key comes from be sure that it's talking to G=
RUB?
>=20
> Because you put it there, and made sure noone can overwrite it afterwar=
ds.

Making sure, that noone can override it, can be awfully difficult, especi=
ally
under a physical attacker. A hardware that is at least a bit designed to
withstand such an attack can help a lot.

Greets,

Jan


--------------enig56C73BDB130C14D108099DB8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkmgFxMACgkQfZylhtn4XvdZfQCfQdknOeM/uRAxzCUqDFaAv+RX
6M0An2+8lEgJgQS8vxDKS1mMbD744QNY
=YdFb
-----END PGP SIGNATURE-----

--------------enig56C73BDB130C14D108099DB8--