From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1HtncE-00068C-6j
	for mharc-grub-devel@gnu.org; Thu, 31 May 2007 12:35:10 -0400
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1HtncB-00060I-8Z
	for grub-devel@gnu.org; Thu, 31 May 2007 12:35:07 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Htnc9-0005sO-CP
	for grub-devel@gnu.org; Thu, 31 May 2007 12:35:06 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Htnc9-0005s3-4r
	for grub-devel@gnu.org; Thu, 31 May 2007 12:35:05 -0400
Received: from smtp-vbr17.xs4all.nl ([194.109.24.37])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <mgerards@xs4all.nl>) id 1Htnc7-0004t0-Gt
	for grub-devel@gnu.org; Thu, 31 May 2007 12:35:04 -0400
Received: from localhost.localdomain (249-174.surfsnel.dsl.internl.net
	[145.99.174.249])
	by smtp-vbr17.xs4all.nl (8.13.8/8.13.8) with ESMTP id l4VGYeLk045144
	for <grub-devel@gnu.org>; Thu, 31 May 2007 18:34:41 +0200 (CEST)
	(envelope-from mgerards@xs4all.nl)
From: Marco Gerards <mgerards@xs4all.nl>
To: The development of GRUB 2 <grub-devel@gnu.org>
References: <10779735.post@talk.nabble.com> <20070524160348.GA13048@aragorn>
	<f368tj$avp$1@sea.gmane.org> <20070525151103.GA12477@wolff.to>
	<20070530131841.GB4771@aragorn>
	<20070530232859.GB24702@coresystems.de>
Mail-Copies-To: mgerards@xs4all.nl
Date: Thu, 31 May 2007 18:40:31 +0200
In-Reply-To: <20070530232859.GB24702@coresystems.de> (Stefan Reinauer's
	message of "Thu, 31 May 2007 01:28:59 +0200")
Message-ID: <87zm3lhrpc.fsf@xs4all.nl>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: by XS4ALL Virus Scanner
X-detected-kernel: FreeBSD 4.6-4.9
Subject: Re: TPM chip and Grub bootloader
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2 <grub-devel@gnu.org>
List-Id: The development of GRUB 2 <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2007 16:35:08 -0000

Stefan Reinauer <stepan@coresystems.de> writes:

> * Robert Millan <rmh@aybabtu.com> [070530 15:18]:
>> IOW, no matter who the keys belong to, the problem is there's a component in
>> the hardware I paid for that is hostile to me, which contains keys that I
>> cannot retrieve (good, because of security), and refuses to use the keys on
>> anything I want it to (bad, because it's inherently an abusive tool).
>
> You do not need a TPM based system. Todays BIOSes prohibit flashing
> anything not signed by the vendor using SMI and hardware lockdown
> mechanisms. You are locked out already, even though you might not care
> or know yet.

That sounds terrible.  How do you deal with this for LinuxBIOS?
--
Marco