
Re: A _good_ and valid use for TPM


From: Jan Alsenz
Subject: Re: A _good_ and valid use for TPM
Date: Sat, 21 Feb 2009 15:00:28 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090104)

Robert Millan wrote:
> On Thu, Feb 19, 2009 at 07:38:36AM -0800, Colin D Bennett wrote:
>> While TPM may open a door for corporations to prevent machine owners
>> from having control over their machines, in this instance I do not see
>> another way to solve Alex's problem.
> 
> There's an easy way out of this.  Simply verify data integrity from the
> flash chip, and make sure nobody can write to the flash chip.
> 
> You can achieve the first by e.g. installing coreboot/GRUB there and
> adding some crypto support to it.
> 
> You can achieve the second by cutting the WE wire, or by dumping lots of
> concrete over your board.  Yes, this is a gazillion times more secure than
> a TPM.  TPMs are vulnerable to reverse engineering.
Everything is vulnerable to reverse engineering.
The problem with a TPM is not that it uses bad/proprietary crypto but, as you
state, that you can't own it completely.

>> The evil part of TPM seems to be when a person buys a computer but the
>> computer is locked down with a key not provided to the buyer.
> 
> Precisely.  If it came with a key that is known to the buyer (e.g. printed
> on paper), or with an override mechanism that is only accessible to its
> legitimate buyer, there would be no problem with it.
> 
> But AFAICT there are no TPMs that do this.  It probably even violates the
> spec.
I also haven't seen a TPM that does it, but it is in the specs - called a
revocable endorsement key - as an optional feature...

Greets,

Jan
