Message-ID: <4A8C6293.7030102@duboucher.eu>
Date: Wed, 19 Aug 2009 22:37:39 +0200
From: Duboucher Thomas
To: The development of GRUB 2
References: <4A8BDB5B.5000407@labri.fr> <4A8C2970.5070200@duboucher.eu> <4A8C40CB.5020209@duboucher.eu> <4A8C4F85.80102@duboucher.eu> <4A8C5CF7.9090408@duboucher.eu>
In-Reply-To:
Subject: Re: TPM support status ?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vladimir 'phcoder' Serbinenko wrote:
> There is a point in keeping them - remote attestation. Why do I need
> manufacturer to sign my key?

No, the endorsement key pair is not used in remote attestation, only to
generate one-time key pairs for ownership operations. The signature proves
that the key was generated within the manufacturer infrastructure, and not
by someone else using a fraudulent key generator. If the TPM is enabled to,
you can reset the endorsement key pair and generate a new one (you can also
create temporary pairs iirc); the only thing you'll be missing will be the
manufacturer's signature (but you can use yours if you wish to).

>>> By using this key you can prove to the manufacturer that you use the key
>>> he burned in a device it controls, which opens the bad doors.
>> Well, like in any security system, you suppose the system itself is
>> secure ... which is not always the case, intentionally or not.
> Even if you're in an insecure prison you're still in a prison.

Where will we go if we start thinking every security system is flawed? :|

>> It's not against my words. I was telling that a malicious manufacturer
>> can use a TPM to build a system where the BIOS is less likely to be
>> modified. And if on top of this he uses this to protect the operating
>> system ... These are use cases of TPM that _we_ don't want to see.
> Unfortunately those are the cases it's designed for.

No, it was designed as a hardware-based security for data, not exclusively
for going against the end-user.

>>> If you have tokens why do you care if the attacker has your passphrase.
>>> And just the keyboard input can contain a lot of valuable data itself.
>>> Why do you suppose that the attacker can steal the laptop but not the token?
>> I'm not making any supposition, I'm making all of them. And I'm trying
>> to reduce the different schemes an attacker could use. There is _always_
>> a way to steal the secret. At least let's make it less likely to happen.
>>
> Without a threat model we're speaking placebo.
>

Stoned Bootkit?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqMYpMACgkQBV7eXqefhqj45QCfUSyFLxjDy7ojXmjYfNCGbMyZ
eFUAn2eTg1UI/ZnSg/94m+chwFsj9VWd
=tyPM
-----END PGP SIGNATURE-----
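The message above argues about what the endorsement key and remote attestation are for, and whether a TPM can make an unnoticed change to the BIOS or boot loader less likely. The following is an added example, not code from the grub-devel thread or from GRUB: a toy model of TPM 1.2-style measured boot and the verifier-side quote check. It assumes 20-byte SHA-1 PCRs as in TPM 1.2, a textbook-RSA attestation identity key built from two Mersenne primes (an assumption made so the block needs no library; a real AIK is an RSA key certified through the endorsement key and signs with PKCS#1 padding), and constructed measurement strings standing in for firmware and GRUB images. The verifier accepts a quote only when the signature opens under the AIK public key, the nonce is the one it issued, and the reported PCR equals a known-good value, so a modified boot component or a replayed quote is rejected.

```python
"""Toy TPM 1.2-style measured boot and remote-attestation quote check.

Added example, not code from the grub-devel thread or from GRUB.
Assumptions: PCRs are 20-byte SHA-1 registers (TPM 1.2); the attestation
identity key (AIK) is textbook RSA over two Mersenne primes with no padding,
which is fine for a toy and nothing else; the AIK-to-EK certification step
that the thread discusses is not modelled.
"""
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 digest width, the TPM 1.2 PCR size


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA1(PCR_old || SHA1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Extend each boot component, in order, into one PCR that starts at zero.

    Order matters: the same components in a different order give a different
    PCR, which is what lets a verifier pin down the exact boot sequence.
    """
    pcr = bytes(PCR_LEN)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


# Toy AIK (assumption: textbook RSA built from Mersenne primes M127 and M89,
# chosen so the 160-bit digest fits under the modulus and no library is needed).
_P = (1 << 127) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))  # private exponent, Python 3.8+


def tpm_quote(nonce: bytes, pcr: bytes) -> int:
    """TPM_Quote: the TPM signs SHA1(nonce || PCR) with the AIK private key.

    The verifier-supplied nonce is what stops an old, honest quote from being
    replayed after the boot chain has changed.
    """
    digest = hashlib.sha1(nonce + pcr).digest()
    return pow(int.from_bytes(digest, "big"), _D, _N)


def verify_quote(nonce: bytes, pcr: bytes, signature: int, golden_pcr: bytes) -> bool:
    """Verifier side: the signature must open to SHA1(nonce || PCR) under the
    AIK public key, and the reported PCR must equal the known-good value."""
    expected = int.from_bytes(hashlib.sha1(nonce + pcr).digest(), "big")
    if pow(signature, _E, _N) != expected:
        return False
    return hmac.compare_digest(pcr, golden_pcr)


# Constructed sample boot chains (not real firmware or GRUB images).
GOOD_BOOT = [
    b"constructed: vendor BIOS image 1.0",
    b"constructed: GRUB core.img",
    b"constructed: grub.cfg",
]
MODIFIED_BOOT = [
    b"constructed: vendor BIOS image 1.0",
    b"constructed: GRUB core.img with unsigned patch",
    b"constructed: grub.cfg",
]


def attest(components, nonce: bytes) -> bool:
    """Full round trip: measure, quote, verify against the golden PCR of GOOD_BOOT."""
    golden_pcr = measure_boot_chain(GOOD_BOOT)
    pcr = measure_boot_chain(components)
    return verify_quote(nonce, pcr, tpm_quote(nonce, pcr), golden_pcr)


if __name__ == "__main__":
    print("good boot chain accepted:", attest(GOOD_BOOT, b"nonce-1"))
    print("modified boot chain accepted:", attest(MODIFIED_BOOT, b"nonce-1"))
```

The golden PCR is whatever the verifier has recorded for a boot chain it trusts; the TPM itself never decides whether a measurement is "good", it only reports what was extended, which is why the signature and the fresh nonce are the parts that carry the trust.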