On Wed, Aug 19, 2009 at 10:37 PM, Duboucher Thomas<[email protected]> wrote:
> Vladimir 'phcoder' Serbinenko wrote:
>> There is a point in keeping them - remote attestation. Why do I need
>> manufacturer to sign my key?
>
> No, the endorsement key pair is not used in remote attestation. Only to
> generate one time key pairs for ownership operations.
> The signature proves that the key was generated within the manufacturer
> infrastructure, and not by someone else using a fraudulent key
> generator. If the TPM is enabled to, you can reset the endorsement key
> pair and generate a new one (you can also create temporary pairs iirc);
> the only thing you'll be missing will be the manufacturer's signature
> (but you can use yours if you wish to).
>
But why can't I generate my keys on first use? Or why do I need
manufacturer's signature?
>>> It's not against my words. I was telling that a malicious manufacturer
>>> can use a TPM to build a system where the BIOS is less likely to be
>>> modified. And if on top of this he uses this to protect the operating
>>> system ... These are use cases of TPM that _we_ don't want to see.
>> Unfortunately it's the cases it's designed for.
>
> No, it was designed as a hardware-based security for data, not
> exclusively for going against the end-user.
They have to propose something to make people accept it.
>> Without threat model we're speaking placebo.
>>
>
> Stoned Bootkit? Cold boot?
--
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git

_______________________________________________
Grub-devel mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/grub-devel
