From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Lb2rA-0001Zz-UC for mharc-grub-devel@gnu.org; Sat, 21 Feb 2009 20:10:08 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Lb2r9-0001Zu-Jl for grub-devel@gnu.org; Sat, 21 Feb 2009 20:10:07 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Lb2r7-0001ZE-Fn for grub-devel@gnu.org; Sat, 21 Feb 2009 20:10:06 -0500 Received: from [199.232.76.173] (port=37952 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Lb2r7-0001ZB-9g for grub-devel@gnu.org; Sat, 21 Feb 2009 20:10:05 -0500 Received: from main.gmane.org ([80.91.229.2]:56240 helo=ciao.gmane.org) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Lb2r6-0007R3-UM for grub-devel@gnu.org; Sat, 21 Feb 2009 20:10:05 -0500 Received: from root by ciao.gmane.org with local (Exim 4.43) id 1Lb2r4-0004e2-Sl for grub-devel@gnu.org; Sun, 22 Feb 2009 01:10:02 +0000 Received: from ip.82.144.214.15.stat.volia.net ([82.144.214.15]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 22 Feb 2009 01:10:02 +0000 Received: from cyberax by ip.82.144.214.15.stat.volia.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 22 Feb 2009 01:10:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: grub-devel@gnu.org From: Alex Besogonov Date: Sun, 22 Feb 2009 03:02:43 +0200 Message-ID: References: <499DF97E.1080800@student.ethz.ch> <200902200945.51426.michael@gorven.za.net> <20090221135142.GK16068@thorin> <20090221203928.GG18492@thorin> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: ip.82.144.214.15.stat.volia.net User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) In-Reply-To: <20090221203928.GG18492@thorin> Sender: news X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Subject: Re: A _good_ and valid use for TPM X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Feb 2009 01:10:08 -0000 Robert Millan wrote: >> Private part of the endorsement key _never_ leaves the device (if >> manufacturer uses the recommended TPM_CreateEndorsementKeyPair >> method). Even device manufacturer doesn't know it. > Even if that is true (which I doubt), it's merely incidental, because... It's not really incidental. TCG was initially started as a group to develop trusted computing platform. MS later tried to hijack it to realize their wet dream of locked-down computer. >> Public key is then >> signed by manufacturer's certificate. This ensures that the private >> key can't be compromised. > ...this ensures that $evil_bob can challenge you to prove you're running > his proprietary anti-user software. So I won't be able to answer $evil_bob challenge in any case, since I'm mostly running Linux now. > The question is, will it be practical for you to do disable the TPM a few > years from now? (I think yes, but that's not the point) -- With respect, Alex Besogonov (cyberax@staffdirector.net)