On Fri, Aug 21, 2009 at 12:16 AM, Pavel Roskin wrote:
> On Wed, 2009-08-19 at 12:05 +0200, Vladimir 'phcoder' Serbinenko wrote:
>
>> > I'm fine with the split, but please use something more descriptive than
>> > U16, U32 and U64. Maybe fs_to_cpu16() etc.
>> >
>> U* was here before me but here is a
On Fri, Aug 21, 2009 at 12:18 AM, Pavel Roskin wrote:
> On Wed, 2009-08-19 at 17:18 +0200, Robert Millan wrote:
>
>> The eye candy is nice but not so important. For me, gfxterm should be
>> default on platforms where it's available, because it implements UTF-8,
>> which is necessary to support l10
On Wed, 2009-08-19 at 17:18 +0200, Robert Millan wrote:
> The eye candy is nice but not so important. For me, gfxterm should be
> default on platforms where it's available, because it implements UTF-8,
> which is necessary to support l10n.
Fine with me. Just please don't rely on existence of m
On Wed, 2009-08-19 at 12:05 +0200, Vladimir 'phcoder' Serbinenko wrote:
> > I'm fine with the split, but please use something more descriptive than
> > U16, U32 and U64. Maybe fs_to_cpu16() etc.
> >
> U* was here before me but here is a patch w/o them
Sorry, I didn't realize that. Then maybe it
On Tue, 2009-08-18 at 19:57 +0200, Robert Millan wrote:
> Hi,
>
> As was discussed in
> http://www.mail-archive.com/grub-devel@gnu.org/msg06210.html
> I intend to prefix all partmap modules with "part_" and rename "pc" to
> "part_msdos".
>
> If anyone has an objection, please say it now.
No obj
On Thu, Aug 20, 2009 at 6:28 PM, Robert Millan wrote:
> On Wed, Aug 19, 2009 at 05:38:58PM +0200, Vladimir 'phcoder' Serbinenko wrote:
>> On Wed, Aug 19, 2009 at 5:34 PM, Robert Millan wrote:
>> > On Wed, Aug 19, 2009 at 01:54:46PM +0200, Vladimir 'phcoder' Serbinenko
>> > wrote:
>> >> This is a d
On Thu, Aug 20, 2009 at 10:11:31PM +0200, decoder wrote:
> Robert Millan wrote:
>>> This is wrong. Smartcards of course have an interface to interact
>>> with them.
>>>
>>
>> Yes, but it's usually just a button or similar. It doesn't behave like a
>> computer.
>>
> What I meant is the
On Thu, Aug 20, 2009 at 10:11 PM, decoder wrote:
> Robert Millan wrote:
>>>
>>> This is wrong. Smartcards of course have an interface to interact with
>>> them.
>>>
>>
>> Yes, but it's usually just a button or similar. It doesn't behave like a
>> computer.
>>
>
> What I meant is the software in
>
> It could emulate what a TPM does, however since it starts its job later
> in the boot process, it is far, far less secure (I personally would
> consider it useless in this case).
You have to secure something physically. What we consider here are
targeted attacks, not script kiddies. To deflect
Robert Millan wrote:
>> This is wrong. Smartcards of course have an interface to interact with
>> them.
> Yes, but it's usually just a button or similar. It doesn't behave like a
> computer.
What I meant is the software interface. There are crypto protocols to
interact with a smartcard and t
On Thu, Aug 20, 2009 at 08:35:34PM +0200, decoder wrote:
> Robert Millan wrote:
>> SmartCards are a single-purpose device. Users don't install software in
>> them,
>>
> You don't install software in a TPM module either.
>> and they don't have any user interface (other than a button or so) that
> The TPM can't modify anything either. A TPM is a _passive_ crypto module.
Even if it's so the question which was specifically discussed in
parallel thread is TCG bootpath which is a bad thing
--
Regards
Vladimir 'phcoder' Serbinenko
Personal git repository: http://repo.or.cz/w/grub2/phcoder.g
Hi Grub-devel,
I have built a custom grub2-based cdrom (I am using grub2 from
debian unstable) that uses osdetect.lua which I have fetched from
phcoder git two or three days ago.
I have an Ubuntu 9.04 installation in my Virtualbox test machine.
After running the AUTO MAGIC BOOT which actuall
Robert Millan wrote:
> SmartCards are a single-purpose device. Users don't install software in them,
You don't install software in a TPM module either.
> and they don't have any user interface (other than a button or so) that could
> be used to implement DRM
This is wrong. Smartcards of course ha
Seems that my smtp was down :|
Michal Suchanek wrote:
> 2009/8/20 Michael Gorven :
>> On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
>>> 2009/8/20 Michael Gorven :
On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
> 20
On Thu, Aug 20, 2009 at 06:31:03PM +0200, Duboucher Thomas wrote:
> Also, TPM can do the same operations that a SmartCard can; the only
> difference being that one object is a small SmartCard, and the other is
> a computer (or any device, laptop, cellphone, PPA, ...).
I've been asked about this el
On Thu, Aug 20, 2009 at 09:41:54AM +0200, Michael Gorven wrote:
> On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
> > Tell me one technical benefit of TPM over coreboot.
>
> Coreboot doesn't provide protected storage of secrets (e.g. harddrive
> decryption keys).
Note that coreboot i
On Sun, Jul 26, 2009 at 11:29:01PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> + /* Allowed users. NULL means 'everybody'. */
> + const char *users;
This sounds dangerous: it is easy to make a mistake in code that e.g.
removes a user from this list.
The "natural" meaning of an empty OR list
Vladimir 'phcoder' Serbinenko wrote:
>>> It's also what I meant. Most sysadmins just need someone to blame if
>>> it goes wrong.
>> Oh great, so all we need to provide is someone to blame! Problem solved!
> Unfortunately in some cases it's really so
On Wed, Aug 19, 2009 at 05:17:13PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> On Wed, Aug 19, 2009 at 5:08 PM, Robert Millan wrote:
> >
> > I agree with this proposal in general. Except with the concept of "users",
> > which I think might be overkill. GRUB is not a Un*x with its /home and
> >
Michal Suchanek wrote:
> 2009/8/20 Michael Gorven :
>> On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
>>> 2009/8/20 Michael Gorven :
On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
> 2009/8/20 Michael Gorven :
>>
On Wed, Aug 19, 2009 at 05:38:58PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> On Wed, Aug 19, 2009 at 5:34 PM, Robert Millan wrote:
> > On Wed, Aug 19, 2009 at 01:54:46PM +0200, Vladimir 'phcoder' Serbinenko
> > wrote:
> >> This is a dirty import of multiboot specification from grub1. It
> >> d
On Wed, Aug 19, 2009 at 06:33:52PM +0200, Duboucher Thomas wrote:
> > 2) Ethical Aspects
> > ==
> >
> Every technology has its evil uses, so does TPM.
TPM considers "remote attestation" is a feature. It's not bad chance it has
evil uses, it was specifically designed with those in
On Thursday 20 August 2009 18:09:00 Robert Millan wrote:
> And I forgot to mention tax filings, which may also end up preventing free
> software from being used to file taxes. Likewise for many other tasks that
> citizens can't avoid.
>
> So, just move to another state and use a different IRS?
Na
On Wed, Aug 19, 2009 at 09:53:10PM +0200, Michael Gorven wrote:
> On Wed, Aug 19, 2009 at 04:01:39PM +0200, Robert Millan wrote:
>> Can you give a reason not to provide the owner with any of:
>>
>> - A printed copy of the private key corresponding to the chip he paid for.
>
> Not really, although
On Wed, Aug 19, 2009 at 10:27:59PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> >> Right, but we're defending the rights of the legitimate owner of that
> >> device,
> >> which doesn't have to be the same as the end user (e.g. kiosk).
> >
> > I don't see how you're defending the owner's rights. If
On Wed, Aug 19, 2009 at 10:27:59PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> >> It could mean you can't read a book unless you use their designated
> >> non-free
> >> reader (with DRM restrictions, etc).
> >
> > So use a different bank and a different publisher.
> How many record labels will no
>> Proven? As any chip it can only know what's on its pins. High-tech
>> electric lab equipment can fool any chip. Asking nicely at university
>> most students can gain access to one.
>
> I doubt this is even necessary. What's the real difference between
> mounting the chip on the mainboard and plu
2009/8/20 Vladimir 'phcoder' Serbinenko :
> On Thu, Aug 20, 2009 at 1:15 PM, Michael Gorven wrote:
>> On Thursday 20 August 2009 12:58:50 Michal Suchanek wrote:
>>> How does TPM protect your machine from physical access? I thought it's
>>> a small chip somewhere on the board, not a steel case aroun
On Thu, Aug 20, 2009 at 1:15 PM, Michael Gorven wrote:
> On Thursday 20 August 2009 12:58:50 Michal Suchanek wrote:
>> How does TPM protect your machine from physical access? I thought it's
>> a small chip somewhere on the board, not a steel case around the
>> machine.
>
> The TPM can be configured
On Thursday 20 August 2009 12:58:50 Michal Suchanek wrote:
> How does TPM protect your machine from physical access? I thought it's
> a small chip somewhere on the board, not a steel case around the
> machine.
The TPM can be configured to only divulge the secret once it's been proven
that only th
2009/8/20 Michael Gorven :
> On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
>> 2009/8/20 Michael Gorven :
>> > On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
>> >> 2009/8/20 Michael Gorven :
>> >> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
>> >> >> 2009/8/2
>>
>> It's also what I meant. Most sysadmins just need someone to blame if
>> it goes wrong.
>
> Oh great, so all we need to provide is someone to blame! Problem solved!
Unfortunately in some cases it's really so. Sometimes it leads to
sysadmins choosing proprietary software not because they believ
On Thursday 20 August 2009 12:15:42 Vladimir 'phcoder' Serbinenko wrote:
> On Thu, Aug 20, 2009 at 9:38 AM, Michael Gorven wrote:
> > On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote:
> >> > 99% of people with this use case are not going to put their BIOS chip
> >> > in con
>>
>> There is hardware for secure key storage which you can put into some
>> card slot or USB and unlike TPM you can also remove it and store
>> separately from the computer which greatly decreases the chance that
>> your data would be compromised if your computer is stolen.
>
> But that doesn't p
On Thu, Aug 20, 2009 at 9:40 AM, Michael Gorven wrote:
> On Wednesday 19 August 2009 22:44:18 Vladimir 'phcoder' Serbinenko wrote:
>> But why can't I generate my keys on first use? Or why do I need
>> manufacturer's signature?
>
> You don't.
Exactly. But signature is there which makes it possible t
On Thu, Aug 20, 2009 at 9:38 AM, Michael Gorven wrote:
> On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote:
>> > 99% of people with this use case are not going to put their BIOS chip in
>> > concrete. Configuring a TPM chip is a lot easier.
>>
>> 98% of people in this case don't
On Thursday 20 August 2009 10:20:02 Michal Suchanek wrote:
> 2009/8/20 Michael Gorven :
> > On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
> >> 2009/8/20 Michael Gorven :
> >> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
> >> >> 2009/8/20 Michael Gorven :
> >> >> > On We
2009/8/20 Michael Gorven :
> On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
>> 2009/8/20 Michael Gorven :
>> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
>> >> 2009/8/20 Michael Gorven :
>> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
>> >> >> Tell me
On Thursday 20 August 2009 09:59:42 Michal Suchanek wrote:
> 2009/8/20 Michael Gorven :
> > On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
> >> 2009/8/20 Michael Gorven :
> >> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
> >> >> Tell me one technical benefit of TPM over
2009/8/20 Michael Gorven :
> On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
>> 2009/8/20 Michael Gorven :
>> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
>> >> Tell me one technical benefit of TPM over coreboot.
>> >
>> > Coreboot doesn't provide protected storage of se
On Thursday 20 August 2009 09:49:06 Michal Suchanek wrote:
> 2009/8/20 Michael Gorven :
> > On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
> >> Tell me one technical benefit of TPM over coreboot.
> >
> > Coreboot doesn't provide protected storage of secrets (e.g. harddrive
> > decrypti
2009/8/20 Michael Gorven :
> On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
>> Tell me one technical benefit of TPM over coreboot.
>
> Coreboot doesn't provide protected storage of secrets (e.g. harddrive
> decryption keys).
TPM does not either at the time the BIOS is loaded. Remember
On Wednesday 19 August 2009 21:21:28 Michal Suchanek wrote:
> Tell me one technical benefit of TPM over coreboot.
Coreboot doesn't provide protected storage of secrets (e.g. harddrive
decryption keys).
--
http://michael.gorven.za.net
PGP Key ID 1E016BE8
S/MIME Key ID AAF09E0E
On Wednesday 19 August 2009 22:44:18 Vladimir 'phcoder' Serbinenko wrote:
> But why can't I generate my keys on first use? Or why do I need
> manufacturer's signature?
You don't.
--
http://michael.gorven.za.net
PGP Key ID 1E016BE8
S/MIME Key ID AAF09E0E
On Wednesday 19 August 2009 22:25:00 Vladimir 'phcoder' Serbinenko wrote:
> > 99% of people with this use case are not going to put their BIOS chip in
> > concrete. Configuring a TPM chip is a lot easier.
>
> 98% of people in this case don't really care if they are secure or not.
I said "with this us
46 matches