On Wed, Feb 18, 2009 at 11:05 PM, Jan Alsenz <janals...@student.ethz.ch> wrote:
> I've recently started porting TrustedGRUB (
> http://sourceforge.net/projects/trustedgrub ) to GRUB2.
> I didn't get too far as I don't have too much time right now, but I managed to
> complete the MBR bootloader.

Great! MBR is the most scary part :)

> I agree with you on the usefulness of a TPM for disk encryption and have a
> similar scheme planned.
> Regardless of the outcome of the discussion on the mailing list I would be
> interested in a "trusted" GRUB2 version. Maybe we could join forces?

Absolutely. I just hate doing work that won't appear in the mainline version :(

> BTW, the "manufacturer key" everyone is talking about is usually referred to as
> "endorsement key", which is generated during production (and whose private part
> is considered possibly in the possession of the manufacturer). I heard that
> some newer TPM versions support reinitializing this key, but I'm not sure of
> that.

Uhm... TPM_CreateEndorsementKeyPair can be used to create the endorsement key pair, and the spec also says that the TPM chip _must_ ship with an empty endorsement key. It also can later be changed.

> And you do lose the ability to do remote attestation with "official"
> entities, if you do it.

Well, I don't care about that. And in any case, no-one uses TPM for 'official' purposes.