grub-devel

Re: A _good_ and valid use for TPM


From: Colin D Bennett
Subject: Re: A _good_ and valid use for TPM
Date: Thu, 19 Feb 2009 07:38:36 -0800

On Thu, 19 Feb 2009 16:05:10 +0100
phcoder <address@hidden> wrote:

> Personally if tpm support is merged into mainline grub2 I'll stop using 
> it. However what you request doesn't need tpm. Authenticity of modules, 
> configuration files and so on can be verified by one of 4 methods:
> 1) internal signatures
> 2) file in signed gpg container
> 3) detached signatures
> 4) signed hash file

While TPM may open a door for corporations to prevent machine owners
from having control over their machines, in this instance I do not see
another way to solve Alex's problem.

To restate the problem:

1. The disk must be encrypted.
2. The system must be able to boot without human interaction.  That is,
   a user cannot be prompted for a passphrase or key.

The solution using TPM, as I understand it, essentially puts the
encryption key into tamper-resistant memory in the TPM module, and
supports integrity verification of the system, including the software
on the hard disk, at load time.

It sounds like any solution to problem points (1) and (2) would require
some sort of tamper-resistant module to store the key and handle the
first level of verification (to verify the initial code loaded from
disk).  From that point on, the verified boot sector code can read the
encryption key and verify the next-higher level of software, and so on.

The evil part of TPM seems to be when a person buys a computer but the
computer is locked down with a key not provided to the buyer.

Regards,
Colin
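
The scheme described in the message above, as an added example that is not part of the original post or of GRUB: a toy model in which each boot stage is hashed into a platform configuration register (PCR) before it runs, and the disk key is released only if the register matches the value it was sealed to. The extend rule is the TPM 1.2 one (SHA-1); `ToyTPM`, `measure_chain`, `try_boot`, the stage contents and the key are constructed for illustration and are not a real TPM interface.

```python
import hashlib
import hmac
PCR_RESET = b"\x00" * 20  # a TPM 1.2 PCR holds 20 zero bytes after reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend rule: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_chain(stages) -> bytes:
    """Hash every boot stage into the PCR, in load order."""
    pcr = PCR_RESET
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr

class ToyTPM:
    """Hypothetical stand-in for the tamper-resistant module (not a real TPM API)."""
    def __init__(self):
        self._sealed = {}       # name -> (required PCR value, secret)
        self.pcr = PCR_RESET
    def seal(self, name, secret, required_pcr):
        self._sealed[name] = (required_pcr, secret)
    def boot(self, stages):
        # Power-on resets the PCR; each stage is measured before it runs.
        self.pcr = measure_chain(stages)
    def unseal(self, name):
        required, secret = self._sealed[name]
        if not hmac.compare_digest(required, self.pcr):
            raise PermissionError("PCR mismatch: boot chain differs from sealed state")
        return secret

# Constructed sample data: placeholders for real boot components and key.
GOOD = [b"boot sector v1", b"grub core v1", b"kernel and initrd v1"]
MODIFIED = [b"boot sector v1", b"grub core v1 (modified)", b"kernel and initrd v1"]
DISK_KEY = b"constructed-disk-key"

def try_boot(stages):
    """Seal the key to the known-good chain, boot `stages`, try to unseal."""
    tpm = ToyTPM()
    tpm.seal("disk", DISK_KEY, measure_chain(GOOD))
    tpm.boot(stages)
    try:
        return tpm.unseal("disk")
    except PermissionError:
        return None

if __name__ == "__main__":
    print("known-good chain:", try_boot(GOOD))
    print("modified chain:  ", try_boot(MODIFIED))
```

On real hardware the first measurement is made by firmware before any code from disk runs; the model starts after that root of trust.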



