On Sat, Feb 21, 2009 at 05:29:34PM +0200, Michael Gorven wrote: > On Saturday 21 February 2009 15:51:42 Robert Millan wrote: > > On Fri, Feb 20, 2009 at 09:45:28AM +0200, Michael Gorven wrote: > > > TPM can be used for good or for bad, but this is the case for everything > > > involving cryptography. We don't refuse to use encryption algorithms > > > because they could be used for DRM, so why should we refuse to use TPM? > > > > I don't agree with this analogy. Unlike cryptography, TPMs have been > > designed from the ground up to serve an evil purpose. They *could* have > > designed them with good intent, for example either of these could apply: > > > > - Buyer gets a printed copy of the TPM's private key when they buy a > > board. > > > > - An override button that's physically accessible from the chip can be > > used to disable "hostile mode" and make the TPM sign everything. From > > that point physical access can be managed with traditional methods > > (e.g. locks). > > > > But they didn't. > > Just to clarify, are you objecting to the use of TPM on principle and because > you don't want to encourage use of it, or because you think this specific use > (trusted boot path) is dangerous?
I can't reply to this question, because it's not just a specific use, it's part of the design, of its purpose. One of the design goals is remote attestation, which is a threat to our freedom and is unethical. If there was a device that behaves like a TPM except remote attestation is not possible (e.g. by one of the means described above), I wouldn't object to it, and I think the GNU project wouldn't either, but then referring to that as "TPM" is misleading. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all." _______________________________________________ Grub-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/grub-devel
