On Friday 20 February 2009 13:27:28 phcoder wrote:
> Free software is about freedom of choice. I think we should have
> possibility to have multiple authentication and key sources. Then one
> could e.g. not save password as md5 somewhere in configfile or embedded
> in module but check that this password opens luks. Or that it's a
> password of somebody in wheel group basing on /etc/passwd, /etc/shadow
> and /etc/group. In this case tpm-keyretrieve module may be developed
> outside of main trunk and if someone wants it he can download it

Yes, I agree that there should be multiple methods, but I don't see why the TPM module shouldn't be in the main trunk. It wouldn't be forced on GRUB users in any way -- we would just be giving them the option to use it. They would have to explicitly enable and set it up. As Jan said, the TPM is a passive device which can be used in any way we wish, and I don't see why using some of its features to create a more secure system is wrong.

Regards
Michael

--
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID AAF09E0E