[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TPM support status ?
|
From: |
Robert Millan |
|
Subject: |
Re: TPM support status ? |
|
Date: |
Wed, 19 Aug 2009 16:34:20 +0200 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Wed, Aug 19, 2009 at 01:00:43PM +0200, Emmanuel Fleury wrote:
> Dear all,
>
> I know this is a quite sensitive topic and I'm really not willing to
> start a new flame-war about it. I just want to know the exact status of
> it and what is the (official) position of the GRUB team on the TPM support.
>
> Last discussion about the TPM issue was in February (see:
> http://lists.gnu.org/archive/html/grub-devel/2009-02/msg00217.html) and
> it ended up with a kind of statu quo.
>
> I just propose to expose the consequences of TPM support for GRUB, first
> in a technical point of view and then on an ethical one. Then, I hope
> the GRUB team will write his official position on the TPM support.
Hi,
This is my official position on TPM support:
GRUB is part of the GNU project. This means we follow the same ultimate
goal, that is, enabling all computer users to enjoy the freedoms they
should have when using computer programs in them.
"TPM" is a device that is part of the "Trusted Computing" initiative. However,
referring to this as "Trusted" is misleading. As owner of your computer, you
are *already* able to trust your computer. The difference with "Trusted
Computing" is not on whether it's trusted, but on *who* can trust it: Someone
else can trust your computer, at the expense that it won't always obbey your
orders anymore.
Because of this, we avoid referring to it as "Trusted" and use "Treacherous"
instead.
As you can see, the purpose of TPMs is fundamentally incompatible with our
goal. It would be foolish for us to support them.
>From a technical perspective, a TPM is not so different from a similar device
that we would consider legitimate: one that doesn't prevent the owner from
obtaining the private key of his own chip, or at least from using it to sign
arbitrary data. Unless a clearly distinct name was used, this would still
have the inconvenient that we would be promoting the mallicious version if
we supported it, but since this theoretical device doesn't exist anyway, it's
pointless to argue about it. TPMs as they exist today are not acceptable.
That said, remember that GRUB is free software, and you can modify it to
implement any feature (including mallicious ones like virus, spyware or
DRM), as long as you comply with the license requirements in the GPL.
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."
- Re: TPM support status ?, (continued)
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Robert Millan, 2009/08/19
- Re: TPM support status ?, Michael Gorven, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Michael Gorven, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Robert Millan, 2009/08/20
- Re: TPM support status ?, Michael Gorven, 2009/08/20
- Re: TPM support status ?, Robert Millan, 2009/08/20
Re: TPM support status ?,
Robert Millan <=
Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Vladimir 'phcoder' Serbinenko, 2009/08/19
- Re: TPM support status ?, Duboucher Thomas, 2009/08/19
- Re: TPM support status ?, Michal Suchanek, 2009/08/19