On Sat, Feb 21, 2009 at 3:51 PM, Robert Millan <[email protected]> wrote:
> - An override button that's physically accessible from the chip can be
> used to disable "hostile mode" and make the TPM sign everything. From
> that point physical access can be managed with traditional methods (e.g.
> locks).
> But they didn't.

And actually, they did.

================================
New flexibility in EKs. In the 1.1b specification, endorsement keys were fixed in the chip at manufacture. This allowed a certificate to be provided by the manufacturer for the key. However, some privacy advocates are worried about the EK becoming a nonchangeable identifier (in spite of all the privacy controls around it, which would make doing this very difficult). ***As a result, the specification allows a manufacturer to allow the key to be removed by the end user and regenerated.*** Of course the certificate at that point would become worthless, and it could be very expensive for the end user to get a new certificate.
================================

https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf

_______________________________________________
Grub-devel mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/grub-devel
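An added illustration (not from the thread or the TCG document) of why the manufacturer certificate becomes worthless once the EK is regenerated: the verifier's check is that the certificate chains to the manufacturer CA and names the key the TPM currently holds, and a fresh EK fails the second half. The manufacturer CA key, both EKs and the ECDSA P-256 choice are constructed for the example; real EK certificates are typically RSA and are issued by a vendor CA rather than self-issued.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"time"
)

// Constructed manufacturer CA key: stands in for a vendor's EK-signing CA, not a real one.
var mfrKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

func genKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }

// newCert signs a certificate for pub with the manufacturer key; parent == nil yields the
// self-signed CA certificate, otherwise an EK leaf certificate chained to parent.
func newCert(parent *x509.Certificate, pub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, mfrKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER we just produced; parsing cannot fail
	return c
}

// EKCertMatches is the verifier-side check: the EK certificate must be signed by the
// manufacturer CA and its subject key must equal the EK the TPM holds right now.
func EKCertMatches(ekCert, mfrCA *x509.Certificate, currentEK *ecdsa.PublicKey) bool {
	if err := ekCert.CheckSignatureFrom(mfrCA); err != nil {
		return false
	}
	pub, ok := ekCert.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(currentEK)
}

// Scenario certifies the EK fixed at manufacture, then regenerates it as the 1.2 spec
// permits, and reports whether the check passes before and after regeneration.
func Scenario() (before, after bool) {
	mfrCA := newCert(nil, &mfrKey.PublicKey)
	ek1 := genKey() // EK installed at manufacture
	ekCert := newCert(mfrCA, &ek1.PublicKey)
	ek2 := genKey() // EK regenerated by the end user; the certificate still names ek1
	return EKCertMatches(ekCert, mfrCA, &ek1.PublicKey), EKCertMatches(ekCert, mfrCA, &ek2.PublicKey)
}
```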
