Tim writes:

 > I reckon the default thought of most people who're suddenly faced with
 > a computer failing a security test is not going to be that something
 > has changed on them without authority, but that something has gone
 > wrong.  They're going to try and reset something, rather than work out
 > if they've been compromised.

Indeed.  Pragmatically speaking, I don't think they're wrong, do you?

Patrick writes:

 > I think much depends on what the TPM is used for. Certainly if the
 > user takes care not to subvert the intention, it can reasonably be
 > used to ensure that only trusted software is run.

"Pragmatically speaking ..." ;-)  Seriously, I think TPM mostly makes
sense with VMs.  People who write programs are generally going to be
very unhappy with the amount of kissing up to the TPM they have to do.
Like, on Mac every time LLVM releases a new version of the debugger I
have to go through the self-signing dance.  So far I have been
satisfied with the results every time (there really are new features
or performance improvements), but it's infrequent enough that I have
no memory of the procedure, let alone muscle memory.

 > OTOH, I think one application of TPM (at least when originally
 > proposed) was to prevent the user from bypassing DRM, in which case
 > the trust goes in the other direction and the situation is
 > different.

Yeah, there was a *lot* of angst about potential DRM applications at
the time.  I'm willing to bet it's possible to distinguish a hardware
TPM from a software TPM for that application, though.  I didn't look
hard enough to see if the Xen folk had proposed a protocol to get a
token from the hardware TPM to vouch for a VM in that case.

Steve
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to