Re: A _good_ and valid use for TPM

[Michael Gorven]

On Friday 20 February 2009 13:27:28 phcoder wrote:
> Free software is about freedom of choice. I think we should have
> possibility to have multiple authentication and key sources. Then one
> could e.g. not save password as md5 somewhere in configfile or embedded
> in module but check that this password opens luks. Or that it's a
> password of somebody in wheel group basing on /etc/passwd, /etc/shadow
> and /etc/group. In this case tpm-keyretrieve module may be developed
> outside of main trunk and if someone wants it he can download it

Yes, I agree that there should be multiple methods, but I don't see why the 
TPM module shouldn't be in the main trunk. It wouldn't be forced on GRUB 
users in any way -- we would just be giving them the option to use it. They 
would have to explicitly enable and set it up. As Jan said, the TPM is a 
passive device which can be used in any way we wish, and I don't see why 
using some of its features to create a more secure system is wrong.

Regards
Michael

-- 
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID AAF09E0E

signature.asc
Description: This is a digitally signed message part.