From: Duboucher Thomas <thomas@duboucher.eu>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: TPM support status ?
Date: Wed, 19 Aug 2009 21:16:21 +0200 [thread overview]
Message-ID: <4A8C4F85.80102@duboucher.eu> (raw)
In-Reply-To: <d7ead6de0908191137p515fb213s6ae3504e26e5b86c@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Vladimir 'phcoder' Serbinenko a écrit :
> But why does a third instance (manufacturer) need to trust my key?
> Only one: he wants a control.
I don't see where the TPME needs to trust the EKP in the specification.
>> Also, most of the time, the reset operation is disabled by the TPME.
> This is a problem (again): you can't make TPM to behave like you want.
Yep, but why would you allow reseting the EKP? You can reset everything
else because you may need to, but it's no use reseting the EKP.
>> It _can't_ be used for other operations iirc.
> Checking you use windows?
Not the TPM, only a ***** BIOS and a ***** manufacturer (which can base
their scheme on TPM). We saw this in the past, but we didn't needed a
TPM for that, only human mind. :|
> The argument was "TPM aren't opposite of freedom".
This was the idea, not the argument.
> Why wouldn't he connect a hardware keylogger (price about $100,
> reusable) or change keyboard firmware. Neither is detectable by TPM.
Because sometimes the security isn't only reduced to a passphrase.
Sometime tokens have their uses.
> I don't believe it to be wonderful in anything except giving
> impression of security. Increase of $100 is a gain but if your data is
> worth less than that your laptop will be stolen for hardware and not
> data.
> If this measure didn't come with the risk of losing freedom I would be
> for its inclusion but with warnings in manual that it provides no real
> security (I wouldn't have spend time coding it though, neither would I
> have used it). But considering the price (freedom) I reject it.
> You lose the freedom the moment when you go in prison cell and someone
> is able to close it regardless whether he actualy closes it or not -
> he has you at his mercy.
Don't you think it isn't even worth working on?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkqMT4QACgkQBV7eXqefhqiQ4wCgjfVQKceHIckhfQDI2AH9iSg5
ercAn2qP5/l/TA3OnE4aL/i+uJJRbg5u
=CXEm
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2009-08-19 19:16 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-19 11:00 TPM support status ? Emmanuel Fleury
2009-08-19 11:51 ` Vladimir 'phcoder' Serbinenko
2009-08-19 12:25 ` Michael Gorven
2009-08-19 12:42 ` Vladimir 'phcoder' Serbinenko
2009-08-19 13:24 ` Michael Gorven
2009-08-19 13:48 ` Vladimir 'phcoder' Serbinenko
2009-08-19 19:49 ` Michael Gorven
2009-08-19 20:13 ` Vladimir 'phcoder' Serbinenko
2009-08-19 14:01 ` Robert Millan
2009-08-19 19:53 ` Michael Gorven
2009-08-19 20:15 ` Vladimir 'phcoder' Serbinenko
2009-08-20 16:17 ` Robert Millan
2009-08-19 14:10 ` Robert Millan
2009-08-19 15:44 ` Isaac Dupree
2009-08-19 17:20 ` Vladimir 'phcoder' Serbinenko
2009-08-19 17:25 ` Duboucher Thomas
2009-08-19 17:39 ` Isaac Dupree
2009-08-19 18:01 ` Vladimir 'phcoder' Serbinenko
2009-08-19 18:36 ` Duboucher Thomas
2009-08-19 18:48 ` Vladimir 'phcoder' Serbinenko
2009-08-19 20:13 ` Michael Gorven
2009-08-19 20:25 ` Vladimir 'phcoder' Serbinenko
2009-08-20 7:38 ` Michael Gorven
2009-08-20 10:15 ` Vladimir 'phcoder' Serbinenko
2009-08-20 10:22 ` Michael Gorven
2009-08-20 10:29 ` Vladimir 'phcoder' Serbinenko
2009-08-20 16:36 ` Duboucher Thomas
2009-08-19 20:03 ` Michael Gorven
2009-08-19 20:18 ` Vladimir 'phcoder' Serbinenko
2009-08-19 14:42 ` Robert Millan
2009-08-19 20:16 ` Michael Gorven
2009-08-19 20:27 ` Vladimir 'phcoder' Serbinenko
2009-08-19 20:33 ` Michael Gorven
2009-08-19 20:34 ` Vladimir 'phcoder' Serbinenko
2009-08-19 20:45 ` Duboucher Thomas
2009-08-20 16:09 ` Robert Millan
2009-08-20 16:17 ` Michael Gorven
2009-08-20 16:13 ` Robert Millan
2009-08-19 14:34 ` Robert Millan
2009-08-19 16:33 ` Duboucher Thomas
2009-08-19 17:04 ` Vladimir 'phcoder' Serbinenko
2009-08-19 18:13 ` Duboucher Thomas
2009-08-19 18:37 ` Vladimir 'phcoder' Serbinenko
2009-08-19 19:16 ` Duboucher Thomas [this message]
2009-08-19 19:28 ` Vladimir 'phcoder' Serbinenko
2009-08-19 20:13 ` Duboucher Thomas
2009-08-19 20:22 ` Vladimir 'phcoder' Serbinenko
2009-08-19 20:37 ` Duboucher Thomas
2009-08-19 20:42 ` Michal Suchanek
2009-08-19 20:57 ` Duboucher Thomas
2009-08-19 21:00 ` Vladimir 'phcoder' Serbinenko
2009-08-19 21:07 ` Duboucher Thomas
2009-08-19 23:39 ` Michal Suchanek
2009-08-19 20:44 ` Vladimir 'phcoder' Serbinenko
2009-08-20 7:40 ` Michael Gorven
2009-08-20 10:19 ` Vladimir 'phcoder' Serbinenko
2009-08-19 19:21 ` Michal Suchanek
2009-08-20 7:41 ` Michael Gorven
2009-08-20 7:49 ` Michal Suchanek
2009-08-20 7:52 ` Michael Gorven
2009-08-20 7:59 ` Michal Suchanek
2009-08-20 8:07 ` Michael Gorven
2009-08-20 8:20 ` Michal Suchanek
2009-08-20 8:33 ` Michael Gorven
2009-08-20 10:21 ` Vladimir 'phcoder' Serbinenko
2009-08-20 10:58 ` Michal Suchanek
2009-08-20 11:15 ` Michael Gorven
2009-08-20 11:24 ` Vladimir 'phcoder' Serbinenko
2009-08-20 11:38 ` Michal Suchanek
2009-08-20 13:06 ` Vladimir 'phcoder' Serbinenko
2009-08-20 16:31 ` Duboucher Thomas
2009-08-20 17:47 ` about smartcards (Re: TPM support status ?) Robert Millan
2009-08-20 18:35 ` decoder
2009-08-20 19:48 ` Vladimir 'phcoder' Serbinenko
2009-08-20 20:02 ` Robert Millan
2009-08-20 20:11 ` decoder
2009-08-20 20:24 ` Vladimir 'phcoder' Serbinenko
2009-08-20 20:30 ` Robert Millan
2009-08-20 20:16 ` TPM support status ? Vladimir 'phcoder' Serbinenko
2009-08-20 17:50 ` Duboucher Thomas
2009-08-21 11:42 ` Michal Suchanek
2009-08-20 16:48 ` Robert Millan
2009-08-20 16:20 ` Robert Millan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A8C4F85.80102@duboucher.eu \
--to=thomas@duboucher.eu \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.