Re: help installing grub-ima

[Robert Millan]

On Tue, Oct 23, 2007 at 04:21:59PM -0500, Andrei E. Warkentin wrote:
> >>I think the SELinux people might object to that. One of the biggest
> >>problems with security in Linux is that the Linux kernel is not and
> >>cannot be the core root of trust, as it is by far not the first thing
> >>running and is not located on unmodifiable medium.
> >
> >How can you trust your BIOS if you can't even read its source code,  
> >let
> >alone verify it was built from it?
> >
> 
> I agree. Which also, ultimately, why I think legacy BIOS is dead.

It has nothing to do with legacy; you're in the same situation with EFI.  And
even with LinuxBIOS.  A third party signs binaries and tells you they're
safe; that's all you have.

> TC is a technology. Like all technology, it has both benign and  
> malignant and antisocial usage cases.

I can make arguments like these too:  "A cluster bomb is a technology. Like
all technology, it has both benign and malignant and antisocial usage
cases."

Although every time I heard of someone using cluster bombs it involved mass
murder of civilians.  Why?  Well, to quote Bernard Baruch:

  "If all you have is a hammer, everything looks like a nail."

TC *could* have been designed to serve only benign (but useless) purposes
rather than mallicious ones.  This would be the case if they included the
so-caled owner override mechanism, but this mechanism was rejected.
Without this mechanism, remote attestation works automatically due to
network effects.  Which is fine when you actually want someone else to spy
on you, but is not that nice when you don't.

> I use a kitchen knife to dice  
> veggies for food, while a psycho might use it to stab a room of  
> people. Does this make kitchen knives somehow less desirable within  
> society? I don't think so. Same goes for TC.

So far noone has found a practical way to design knives in a way they can
only be used to cut beef or pork but not to cut someone else's throat.  If
this was possible, I'm sure it'd have been done.  Your argument does not
apply to TC, where the way to do that has already been found and proposed
(and rejected).

Besides, given that the benign uses are mostly useless, one can only
speculate on why they are being advertised at all.  Surely this marketing
approach has to serve a purpose.

> Implementing third party access is very different from being able to  
> perform system measurements in the first place. Given a desire to  
> specifically combat antisocial usage scenarios of TC, there is  
> nothing stopping someone from NOT HAVING the 3rd party inspection  
> interfaces in the first place. Or to turn them off. This doesn't  
> affect secure boot or the use of a TPM to ensure system integrity.

Ok, I want to turn them off.  So when someone wants to perform 3rd party
inspection on me, my TC chip will allow me to lie to them and make them
believe I'm running Microsoft Internet Explorer.  How can I do that?

The chip won't let me.  And it turns out it has physical self-destruction
mechanisms in case I attempt to tamper it.  Anything else I can try?

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)