On Sun, Feb 22, 2009 at 03:02:43AM +0200, Alex Besogonov wrote:
> Robert Millan wrote:
>>> Private part of the endorsement key _never_ leaves the device (if
>>> manufacturer uses the recommended TPM_CreateEndorsementKeyPair
>>> method). Even device manufacturer doesn't know it.
>> Even if that is true (which I doubt), it's merely incidental, because...
> It's not really incidental. TCG was initially started as a group to
> develop trusted computing platform. MS later tried to hijack it to
> realize their wet dream of locked-down computer.

Well, sounds like either the hijack was successful, or the wet dream was shared.

>>> Public key is then
>>> signed by manufacturer's certificate. This ensures that the private
>>> key can't be compromised.
>> ...this ensures that $evil_bob can challenge you to prove you're running
>> his proprietary anti-user software.
> So I won't be able to answer $evil_bob challenge in any case, since I'm
> mostly running Linux now.

That depends on what he considers trusted. The capabilities are there and got
merged in Linux tree.

And who's scared of Vista anyways? ;-)

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel