[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A _good_ and valid use for TPM
|
From: |
Jan Alsenz |
|
Subject: |
Re: A _good_ and valid use for TPM |
|
Date: |
Sat, 21 Feb 2009 22:04:22 +0100 |
|
User-agent: |
Thunderbird 2.0.0.19 (X11/20090104) |
Hi!
I don't want to be picky here, but you know that remote attestation is simply
sending signed hash values?
The important thing is that the receiver has trust in the protection of the
private key.
So if you build me a coreboot/GRUB version with a trusted boot chain I can
happily implement a remote attestation scheme with it and ship it to my
customers.
Greets,
Jan
Robert Millan wrote:
> On Sat, Feb 21, 2009 at 05:29:34PM +0200, Michael Gorven wrote:
>> On Saturday 21 February 2009 15:51:42 Robert Millan wrote:
>>> On Fri, Feb 20, 2009 at 09:45:28AM +0200, Michael Gorven wrote:
>>>> TPM can be used for good or for bad, but this is the case for everything
>>>> involving cryptography. We don't refuse to use encryption algorithms
>>>> because they could be used for DRM, so why should we refuse to use TPM?
>>> I don't agree with this analogy. Unlike cryptography, TPMs have been
>>> designed from the ground up to serve an evil purpose. They *could* have
>>> designed them with good intent, for example either of these could apply:
>>>
>>> - Buyer gets a printed copy of the TPM's private key when they buy a
>>> board.
>>>
>>> - An override button that's physically accessible from the chip can be
>>> used to disable "hostile mode" and make the TPM sign everything. From
>>> that point physical access can be managed with traditional methods
>>> (e.g. locks).
>>>
>>> But they didn't.
>> Just to clarify, are you objecting to the use of TPM on principle and
>> because
>> you don't want to encourage use of it, or because you think this specific
>> use
>> (trusted boot path) is dangerous?
>
> I can't reply to this question, because it's not just a specific use, it's
> part of the design, of its purpose. One of the design goals is remote
> attestation, which is a threat to our freedom and is unethical.
>
> If there was a device that behaves like a TPM except remote attestation is
> not possible (e.g. by one of the means described above), I wouldn't object
> to it, and I think the GNU project wouldn't either, but then referring to
> that as "TPM" is misleading.
>
signature.asc
Description: OpenPGP digital signature
- Re: A _good_ and valid use for TPM, (continued)
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Michael Gorven, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Michael Gorven, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Jan Alsenz, 2009/02/21
- Re: A _good_ and valid use for TPM, phcoder, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Jan Alsenz, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM,
Jan Alsenz <=
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Isaac Dupree, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/27
- Re: A _good_ and valid use for TPM, Alex Besogonov, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21
- Re: A _good_ and valid use for TPM, Alex Besogonov, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/27
- Re: A _good_ and valid use for TPM, Alex Besogonov, 2009/02/21
- Re: A _good_ and valid use for TPM, phcoder, 2009/02/21
- Re: A _good_ and valid use for TPM, Robert Millan, 2009/02/21