Re: A _good_ and valid use for TPM

[Robert Millan]

On Sun, Feb 22, 2009 at 03:02:43AM +0200, Alex Besogonov wrote:
> Robert Millan wrote:
>>> Private part of the endorsement key _never_ leaves the device (if
>>> manufacturer uses the recommended TPM_CreateEndorsementKeyPair
>>> method). Even device manufacturer doesn't know it.
>> Even if that is true (which I doubt), it's merely incidental, because...
> It's not really incidental. TCG was initially started as a group to  
> develop trusted computing platform. MS later tried to hijack it to  
> realize their wet dream of locked-down computer.

Well, sounds like either the hijack was succesful, or the wet dream was
shared.

>>> Public key is then
>>> signed by manufacturer's certificate. This ensures that the private
>>> key can't be compromised.
>> ...this ensures that $evil_bob can challenge you to prove you're running
>> his proprietary anti-user software.
> So I won't be able to answer $evil_bob challenge in any case, since I'm  
> mostly running Linux now.

That depends on what he considers trusted.  The capabilities are there and
got merged in Linux tree.  And who's scared of Vista anyways? ;-)

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."