From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1MdpfV-00033P-6G for mharc-grub-devel@gnu.org; Wed, 19 Aug 2009 14:13:53 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MdpfS-00032z-Vt for grub-devel@gnu.org; Wed, 19 Aug 2009 14:13:51 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MdpfO-00032M-6r for grub-devel@gnu.org; Wed, 19 Aug 2009 14:13:50 -0400 Received: from [199.232.76.173] (port=33936 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MdpfO-00032J-0W for grub-devel@gnu.org; Wed, 19 Aug 2009 14:13:46 -0400 Received: from vader.rez-gif.supelec.fr ([160.228.154.1]:47070) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1MdpfM-0005or-R4 for grub-devel@gnu.org; Wed, 19 Aug 2009 14:13:45 -0400 Received: from localhost (localhost [127.0.0.1]) by vader.rez-gif.supelec.fr (Postfix) with ESMTP id F2E222C6A6E for ; Wed, 19 Aug 2009 20:13:39 +0200 (CEST) X-Virus-Scanned: amavisd-new at rez-gif.supelec.fr Received: from vader.rez-gif.supelec.fr ([127.0.0.1]) by localhost (vader.rez-gif.supelec.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oM2hJdvbChFP for ; Wed, 19 Aug 2009 20:13:33 +0200 (CEST) Received: from [127.0.0.1] (duboucher2.rez-gif.supelec.fr [160.228.159.225]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by vader.rez-gif.supelec.fr (Postfix) with ESMTPS id CAAAF2C6A5C for ; Wed, 19 Aug 2009 20:13:32 +0200 (CEST) Message-ID: <4A8C40CB.5020209@duboucher.eu> Date: Wed, 19 Aug 2009 20:13:31 +0200 From: Duboucher Thomas User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: The development of GRUB 2 References: <4A8BDB5B.5000407@labri.fr> <4A8C2970.5070200@duboucher.eu> In-Reply-To: X-Enigmail-Version: 0.95.7 OpenPGP: id=A79F86A8 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: TPM support status ? X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Aug 2009 18:13:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vladimir 'phcoder' Serbinenko a =E9crit : >>> 2) Ethical Aspects >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> >> Every technology has its evil uses, so does TPM. However, there's a ve= ry >> large gap between currently implemented solutions and what you suggest= . > How can you know this? I met persons who say that it's very difficult > to mount a PKI infrastructure to make remote attestation. would have > agreed if remote attestation would be a corner case of something and > if there was no coordination between TPMs. But none of this holds > true. Additionally some manufacturers even say explicitly that the key > is "approved" and if you reset your TPM your key will be "unaproved" > which implies that some kind of such infrastructure exists. What key are you talking? The Endorsment Key Pair? Those are bound to the TPM (and so the platform). They may only be used for AIK generation and ownership. The result is that you can trust the medium you use to exchange private data with the tpm after taking control of it (using HMACs). Of course, if you reset the EKP, then the TPM is marked as unsecure (would you trust a website if its certificate has changed? oO). Also, most of the time, the reset operation is disabled by the TPME. It _can't_ be used for other operations iirc. >> Of course, someone may use TPM in a software suite that completly lock >> down your computer. However, I don't think that it's the TPM's fault; >> its just a technology. > Handcuffs are just a technology too but you probably wouldn't disagree > if I say that they are the opposite of freedom. Hmmm, handcuffs :) I don't think we are in a good direction, since you use different schemes to protect material and immaterial property. I don't disagree the fact that they are the opposite of freedom, but I won't personnaly count this as an argument. >> I would rather consider it's the fault of >> countries with laws that tolerates these behaviours ... > Money makes goverments blind. true :/ >> The goal of TPM is to be used in broader security schemes. Its use is >> only to make sure that the integrity of the system was preserved. This >> would prevent an attacker from inserting a stealth PCI device which ca= n >> leaks data using SMM. >> > Please ellaborate. Who is the attacker? What is he after in someone > else's computer? Obviously he isn't after hardware components. If he's > after the data then the owner of data should encrypt is with a decent > password. The attacker is someone that wants to steal a secret from you (and not the computer, the TPM is useless in this case). Imagine you have an unbreakable password (that requires a lot of imagination). The attacker will simply modify for example your bootloader with something like Stoned. However, if you use a shared secret and the TPM is part of share process (that means the integrity of your computer is part of the key retrieval process), then this attack will simply fail. Remember that you see a lot of TPM on laptops. >> As an ending note, I am much more less confident in Intel's processor >> microcode that is patented than in a chip I can deactivate and live >> without it. >> > Intel microcode is an issue too but it's not hte one which is > discussed right now I was talking about trust. Who and what can you trust? A closed-source software? A black box? Your local cyber-caf=E9? Do you trust a TPM in being a part of a chain of trust? I completly agree with the fact that we must be vigilant. TPM is another brick that can be used in any cryptographic applications (like CSS). However, I truly think that simply disregarding it is a mistake: It is an incredible tool in hardened software. But I also agree with the fact that it shouldn't be the goal of the Grub project. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqMQMsACgkQBV7eXqefhqhFHQCguZ02qptk9RdsdJVMJvckM+ms c2QAoK23ZiWYYKRdiPDbSY3ROYzHSEdD =3DWISW -----END PGP SIGNATURE-----