From: Jan Alsenz
Date: Sat, 21 Feb 2009 22:04:22 +0100
To: The development of GRUB 2
Subject: Re: A _good_ and valid use for TPM
Message-ID: <49A06C56.1040008@student.ethz.ch>
In-Reply-To: <20090221203136.GF18492@thorin>
References: <200902200945.51426.michael@gorven.za.net> <20090221135142.GK16068@thorin> <200902211729.52450.michael@gorven.za.net> <20090221203136.GF18492@thorin>

Hi!

I don't want to be picky here, but you know that remote attestation is simply sending signed hash values?
The important thing is that the receiver has trust in the protection of the private key.
So if you build me a coreboot/GRUB version with a trusted boot chain I can happily implement a remote attestation scheme with it and ship it to my customers.

Greets,
Jan

Robert Millan wrote:
> On Sat, Feb 21, 2009 at 05:29:34PM +0200, Michael Gorven wrote:
>> On Saturday 21 February 2009 15:51:42 Robert Millan wrote:
>>> On Fri, Feb 20, 2009 at 09:45:28AM +0200, Michael Gorven wrote:
>>>> TPM can be used for good or for bad, but this is the case for everything
>>>> involving cryptography. We don't refuse to use encryption algorithms
>>>> because they could be used for DRM, so why should we refuse to use TPM?
>>> I don't agree with this analogy. Unlike cryptography, TPMs have been
>>> designed from the ground up to serve an evil purpose. They *could* have
>>> designed them with good intent, for example either of these could apply:
>>>
>>>   - Buyer gets a printed copy of the TPM's private key when they buy a
>>>     board.
>>>
>>>   - An override button that's physically accessible from the chip can be
>>>     used to disable "hostile mode" and make the TPM sign everything. From
>>>     that point physical access can be managed with traditional methods
>>>     (e.g. locks).
>>>
>>> But they didn't.
>> Just to clarify, are you objecting to the use of TPM on principle and because
>> you don't want to encourage use of it, or because you think this specific use
>> (trusted boot path) is dangerous?
>
> I can't reply to this question, because it's not just a specific use, it's
> part of the design, of its purpose. One of the design goals is remote
> attestation, which is a threat to our freedom and is unethical.
>
> If there was a device that behaves like a TPM except remote attestation is
> not possible (e.g. by one of the means described above), I wouldn't object
> to it, and I think the GNU project wouldn't either, but then referring to
> that as "TPM" is misleading.
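
The exchange Jan Alsenz describes in the message above ("sending signed hash values"), as an added example that is not part of the original message and is not GRUB, coreboot or TPM vendor code. Assumptions: Ed25519 stands in for the RSA key a TPM keeps on-chip, the quote is simplified to a signature over nonce plus one PCR value, and all function names and sample strings are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha1"
	"fmt"
)

// extend models a TPM 1.2 style PCR extend: new = SHA1(old || SHA1(component)).
func extend(pcr [20]byte, component []byte) [20]byte {
	m := sha1.Sum(component)
	return sha1.Sum(append(pcr[:], m[:]...))
}

// measure folds each boot stage into one PCR value, starting from all zeros.
func measure(chain [][]byte) [20]byte {
	var pcr [20]byte
	for _, c := range chain {
		pcr = extend(pcr, c)
	}
	return pcr
}

// quote is the attesting side: sign the verifier's fresh nonce plus the PCR value.
func quote(key ed25519.PrivateKey, nonce []byte, pcr [20]byte) []byte {
	return ed25519.Sign(key, append(append([]byte{}, nonce...), pcr[:]...))
}

// verify is the receiver: signature must check under the key it trusts, PCR must match.
func verify(pub ed25519.PublicKey, nonce []byte, pcr [20]byte, sig []byte, expected [][]byte) bool {
	want := measure(expected)
	msg := append(append([]byte{}, nonce...), pcr[:]...)
	return ed25519.Verify(pub, msg, sig) && bytes.Equal(pcr[:], want[:])
}

// demo runs three constructed cases: honest boot, modified GRUB, untrusted key.
func demo() (honest, modified, otherKey bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, stranger, _ := ed25519.GenerateKey(nil)
	good := [][]byte{[]byte("coreboot"), []byte("GRUB core.img"), []byte("kernel")}
	bad := [][]byte{[]byte("coreboot"), []byte("patched core.img"), []byte("kernel")}
	nonce := []byte("constructed-nonce-01")
	g, b := measure(good), measure(bad)
	return verify(pub, nonce, g, quote(priv, nonce, g), good),
		verify(pub, nonce, b, quote(priv, nonce, b), good),
		verify(pub, nonce, g, quote(stranger, nonce, g), good)
}
func main() { fmt.Println(demo()) }
```

The third case is the one the message stresses: the hashes are identical to the honest boot, and the verifier still rejects them because the signature does not come from the key whose protection it trusts.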