Robert Millan schrieb:
On Thu, May 24, 2007 at 01:41:31AM -0700, karmo wrote:
hi
i want to program Grub to use the TPM chip to load certified Operating
System (like windows or redhat, it doesn't matter....but perhaps i will use
a redhat versione).
can you give me documents about how to do this?
Is that related to Digital Restriction Management? (just curious)
The TPM trust chain has multiple uses, somewhat related to each other:
1. bind executables to a system state (as defined by a hash over BIOS
image, boot loader, kernel, a set of drivers, ...)
2. bind the keystore in the TPM chip to that system state
As so often, it can be used for, and against the user. Binding certain
data to a machine (eg. certificates) and making it non-trivial to get at
them.
The bad side is that the system state lock means some kind of lock-in
(read your encrypted data on two different systems on the same machine?
well, they lead to different system states, so the keys you need aren't
available).
it also didn't help in the early state of TPM, that some media industry
chills "proposed" lots of "extensions" to the basic TPM model that would
make a media player intrusion proof (right in front of the press that
took their wet dreams at face value and part of the specs), and that
some misleading and downright wrong papers by opponents (the infamous
"tcpa faq") became popular.
Patrick Georgi
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
