Message-ID: <4A8C4F85.80102@duboucher.eu>
Date: Wed, 19 Aug 2009 21:16:21 +0200
From: Duboucher Thomas
To: The development of GRUB 2
References: <4A8BDB5B.5000407@labri.fr> <4A8C2970.5070200@duboucher.eu> <4A8C40CB.5020209@duboucher.eu>
Subject: Re: TPM support status ?

Vladimir 'phcoder' Serbinenko wrote:
> But why does a third instance (manufacturer) need to trust my key?
> Only one: he wants a control.

I don't see where the TPME needs to trust the EKP in the specification.

>> Also, most of the time, the reset operation is disabled by the TPME.
> This is a problem (again): you can't make TPM to behave like you want.

Yep, but why would you allow resetting the EKP? You can reset everything else because you may need to, but it's no use resetting the EKP.

>> It _can't_ be used for other operations iirc.
> Checking you use windows?

Not the TPM, only a ***** BIOS and a ***** manufacturer (which can base their scheme on TPM). We saw this in the past, but we didn't need a TPM for that, only human mind. :|

> The argument was "TPM aren't opposite of freedom".

This was the idea, not the argument.

> Why wouldn't he connect a hardware keylogger (price about $100,
> reusable) or change keyboard firmware. Neither is detectable by TPM.

Because sometimes the security isn't only reduced to a passphrase. Sometimes tokens have their uses.

> I don't believe it to be wonderful in anything except giving
> impression of security. Increase of $100 is a gain but if your data is
> worth less than that your laptop will be stolen for hardware and not
> data.
> If this measure didn't come with the risk of losing freedom I would be
> for its inclusion but with warnings in manual that it provides no real
> security (I wouldn't have spent time coding it though, neither would I
> have used it). But considering the price (freedom) I reject it.
> You lose the freedom the moment when you go in prison cell and someone
> is able to close it regardless whether he actually closes it or not -
> he has you at his mercy.

Don't you think it isn't even worth working on?