Re: A _good_ and valid use for TPM

[phcoder <phcoder@gmail.com>]

First of all you can write anything in specifications. Real chips don't 
necessary follow specifications. It's even said that it's "optional". 
Secondly this certificate makes regenerating worthless. Companies 
coercing you into using they software may challenge you to use signed 
public key. Then you still have a choice to regenerate your key but it's 
simply equivalent to "but nobody's threatening your freedom: we
   still allow you to remove your data and not access it at all.". It's 
equivalent to just smashing your tpm.
Regards
Vladimir 'phcoder' Serbinenko
Alex Besogonov wrote:
> On Sat, Feb 21, 2009 at 3:51 PM, Robert Millan <rmh@aybabtu.com> wrote:
>>  - An override button that's physically accessible from the chip can be
>>    used to disable "hostile mode" and make the TPM sign everything.  From
>>    that point physical access can be managed with traditional methods (e.g.
>>    locks).
>> But they didn't.
> And actually, they did.
> ================================
> New flexibility in EKs. In the 1.1b specification, endorsement keys
> were fixed in the
> chip at manufacture. This allowed a certificate to be provided by the
> manufacturer for the
> key. However, some privacy advocates are worried about the EK becoming
> a nonchangeable
> identifier (in spite of all the privacy controls around it, which
> would make doing
> this very difficult). ***As a result, the specification allows a
> manufacturer to allow the key to
> be removed by the end user and regenerated.*** Of course the
> certificate at that point would
> become worthless, and it could be very expensive for the end user to
> get a new certificate.
> ================================
> https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf
> 
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel