grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A _good_ and valid use for TPM


From: Robert Millan
Subject: Re: A _good_ and valid use for TPM
Date: Sat, 21 Feb 2009 21:43:20 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On Sat, Feb 21, 2009 at 06:58:58PM +0200, Alex Besogonov wrote:
> On Sat, Feb 21, 2009 at 3:51 PM, Robert Millan <address@hidden> wrote:
> >  - An override button that's physically accessible from the chip can be
> >    used to disable "hostile mode" and make the TPM sign everything.  From
> >    that point physical access can be managed with traditional methods (e.g.
> >    locks).
> > But they didn't.
> And actually, they did.
> ================================
> New flexibility in EKs. In the 1.1b specification, endorsement keys
> were fixed in the
> chip at manufacture. This allowed a certificate to be provided by the
> manufacturer for the
> key. However, some privacy advocates are worried about the EK becoming
> a nonchangeable
> identifier (in spite of all the privacy controls around it, which
> would make doing
> this very difficult). ***As a result, the specification allows a
> manufacturer to allow the key to
> be removed by the end user and regenerated.*** Of course the
> certificate at that point would
> become worthless, and it could be very expensive for the end user to
> get a new certificate.
> ================================
> https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf

I would have to study this in detail, but I don't see the text saying that
remote attestation is no longer supported.

What this probably amounts to is that the coercion process can now be made
anonymously, which I already knew:

  http://en.wikipedia.org/wiki/Direct_anonymous_attestation

and which is not the core of the problem.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."




reply via email to

[Prev in Thread] Current Thread [Next in Thread]