[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A _good_ and valid use for TPM
From: |
Alex Besogonov |
Subject: |
Re: A _good_ and valid use for TPM |
Date: |
Sun, 22 Feb 2009 03:26:32 +0200 |
User-agent: |
Thunderbird 2.0.0.17 (Windows/20080914) |
Robert Millan wrote:
It's exactly what I want to do (minus the 'coercing' part). I want to
ensure that devices run only my unmodified software (which I consider
secure) and only in this case provide decryption keys for sensitive
data. Of course, it done not for DRM purposes, but rather to protect
sensitive data from theft (real theft, not copyright infringement).
There's no fundamental difference between hardening a device and using that
as your root of trust and using someone else's hardened device and using
that as your root of trust.
There's a difference. It's impossible to create the root-of-trust
without some hardware/firmware support.
The only differences are:
- One more link in the trust chain (irrelevant).
- Because it's _someone else's_ computer (the TPM), you're irrationally
assuming that its security is flawless.
Security of TPM vendors is audited by a third party. For most practical
purposes it can be considered quite adequate.
- Because it's someone else's computer, this helps them get their foot in
your door. Next time you notice, each PC will be verified by one of
these, and then you can kiss all your freedom goodbye.
And how does not supporting this functionality in GRUB affect this?
> This is unnecessary. Once GRUB supports crypto, it can simply load
> itself from an encrypted filesystem on disk. An image can be of
> arbitrary size.
Nope. Still no way to test system integrity.
I was repliing to the idea of implementing sha-1 checks in the MBR. Please
don't bring it out of context.
Sorry, I didn't mean to.
--
With respect,
Alex Besogonov (address@hidden)
- Re: A _good_ and valid use for TPM, (continued)
- Re: A _good_ and valid use for TPM, Michal Suchanek, 2009/02/22
- Re: A _good_ and valid use for TPM, phcoder, 2009/02/22
- Re: A _good_ and valid use for TPM, step21, 2009/02/22
- Re: A _good_ and valid use for TPM, Michal Suchanek, 2009/02/23
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/27
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/27
- Re: A _good_ and valid use for TPM, Alex Besogonov, 2009/02/21
- Re: A _good_ and valid use for TPM, phcoder, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM,
Alex Besogonov <=
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/27
- Re: A _good_ and valid use for TPM, Michael Gorven, 2009/02/20
- Re: A _good_ and valid use for TPM, phcoder, 2009/02/20
- Re: A _good_ and valid use for TPM, Michael Gorven, 2009/02/20
- Re: A _good_ and valid use for TPM, Jan Alsenz, 2009/02/20
- Re: A _good_ and valid use for TPM, Vesa Jääskeläinen, 2009/02/20
- Re: A _good_ and valid use for TPM, Jan Alsenz, 2009/02/20
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Michael Gorven, 2009/02/21