Re: TPM support with SATA drives

[Robert Millan]

On Sat, Apr 26, 2008 at 10:58:14PM -0400, Chris Knadle wrote:
> 
>    I think you're right about TPM, Robert.  :-/
> 
>    I recently acquired a laptop that came with a TPM chip; thankfully I was 
> aware of what TPM was indended to be used for and had read warnings on the 
> matter from privacy advocates.  The laptop came with Vista preloaded, which 
> asked a vague [and perhaps intentionally misleading] question, something 
> along the lines of: "This device has a TPM chip which has not yet been 
> activated, would you like to activate it now?  It will help security if you 
> do."  [To which I answered NO.]
> 
>    And in the BIOS settings, sure enough there are some TPM feature settings 
> that are very clearly not to the benefit of the user/owner:
> 
>    Security Reporting Options: (each below has enable/disable option)
>       BIOS ROM String Reporting
>       ESCD Reporting
>       CMOS Reporting
>       NVRAM Reporting
>       SMBIOS Reporting
>    Clear Security Chip (enable/disable)
>       Note says: "It will not be possible to access already-encrypted data
>                   after these keys are cleared"
> 
>    I think it's pretty clear that the intent is to report the above 
> information to the OS manufacturer rather than to the user or owner.

I'm not sure if this is what you found.  Maybe it's too early, but it's
certainly something that I expect seeing in the near future.  When EFI
starts being deployed out there, new firmware implementations will have
the capability to spy on you all by themselves, since they can trap all
memory accesses and come with a networking stack they can use to call home.

Really scary...

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call… if you are unable to speak?
(as seen on /.)