On Wed, Aug 19, 2009 at 01:00:43PM +0200, Emmanuel Fleury wrote: > Dear all, > > I know this is a quite sensitive topic and I'm really not willing to > start a new flame-war about it. I just want to know the exact status of > it and what is the (official) position of the GRUB team on the TPM support. > > Last discussion about the TPM issue was in February (see: > http://lists.gnu.org/archive/html/grub-devel/2009-02/msg00217.html) and > it ended up with a kind of statu quo. > > I just propose to expose the consequences of TPM support for GRUB, first > in a technical point of view and then on an ethical one. Then, I hope > the GRUB team will write his official position on the TPM support.
Hi, This is my official position on TPM support: GRUB is part of the GNU project. This means we follow the same ultimate goal, that is, enabling all computer users to enjoy the freedoms they should have when using computer programs in them. "TPM" is a device that is part of the "Trusted Computing" initiative. However, referring to this as "Trusted" is misleading. As owner of your computer, you are *already* able to trust your computer. The difference with "Trusted Computing" is not on whether it's trusted, but on *who* can trust it: Someone else can trust your computer, at the expense that it won't always obbey your orders anymore. Because of this, we avoid referring to it as "Trusted" and use "Treacherous" instead. As you can see, the purpose of TPMs is fundamentally incompatible with our goal. It would be foolish for us to support them. >From a technical perspective, a TPM is not so different from a similar device that we would consider legitimate: one that doesn't prevent the owner from obtaining the private key of his own chip, or at least from using it to sign arbitrary data. Unless a clearly distinct name was used, this would still have the inconvenient that we would be promoting the mallicious version if we supported it, but since this theoretical device doesn't exist anyway, it's pointless to argue about it. TPMs as they exist today are not acceptable. That said, remember that GRUB is free software, and you can modify it to implement any feature (including mallicious ones like virus, spyware or DRM), as long as you comply with the license requirements in the GPL. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all." _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel