To: grub-devel@gnu.org
From: Alex Besogonov
Date: Sun, 22 Feb 2009 03:26:32 +0200
Subject: Re: A _good_ and valid use for TPM

Robert Millan wrote:
>> It's exactly what I want to do (minus the 'coercing' part). I want to
>> ensure that devices run only my unmodified software (which I consider
>> secure) and only in this case provide decryption keys for sensitive
>> data. Of course, it is done not for DRM purposes, but rather to protect
>> sensitive data from theft (real theft, not copyright infringement).
> There's no fundamental difference between hardening a device and using that
> as your root of trust and using someone else's hardened device and using
> that as your root of trust.

There's a difference. It's impossible to create the root-of-trust without some hardware/firmware support.

> The only differences are:
> - One more link in the trust chain (irrelevant).
> - Because it's _someone else's_ computer (the TPM), you're irrationally
>   assuming that its security is flawless.

Security of TPM vendors is audited by a third party. For most practical purposes it can be considered quite adequate.

> - Because it's someone else's computer, this helps them get their foot in
>   your door. Next time you notice, each PC will be verified by one of
>   these, and then you can kiss all your freedom goodbye.

And how does not supporting this functionality in GRUB affect this?

>> > This is unnecessary. Once GRUB supports crypto, it can simply load
>> > itself from an encrypted filesystem on disk. An image can be of
>> > arbitrary size.
>> Nope. Still no way to test system integrity.
> I was replying to the idea of implementing sha-1 checks in the MBR. Please
> don't bring it out of context.

Sorry, I didn't mean to.

-- 
With respect,
Alex Besogonov (cyberax@staffdirector.net)