Re: A _good_ and valid use for TPM

[Robert Millan]

On Sat, Feb 21, 2009 at 10:04:22PM +0100, Jan Alsenz wrote:
> Hi!
> 
> I don't want to be picky here, but you know that remote attestation is simply
> sending signed hash values?

Sure.  The tricky part is that your computer generates those, but you're not
really in control of them.  You need to ask your TPM to obtain them, like a
beggar.

> So if you build me a coreboot/GRUB version with a trusted boot chain I can
> happily implement a remote attestation scheme with it and ship it to my 
> customers.

That's the beauty of free software; you can do anything you like with it, even
nasty things.  Just don't expect us to help you get there.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."