[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A _good_ and valid use for TPM

From: Michael Gorven
Subject: Re: A _good_ and valid use for TPM
Date: Fri, 20 Feb 2009 14:12:01 +0200
User-agent: KMail/1.9.10

On Friday 20 February 2009 13:27:28 phcoder wrote:
> Free software is about freedom of choice. I think we should have
> possibility to have multiple authentication and key sources. Then one
> could e.g. not save password as md5 somewhere in configfile or embedded
> in module but check that this password opens luks. Or that it's a
> password of somebody in wheel group basing on /etc/passwd, /etc/shadow
> and /etc/group. In this case tpm-keyretrieve module may be developed
> outside of main trunk and if someone wants it he can download it

Yes, I agree that there should be multiple methods, but I don't see why the 
TPM module shouldn't be in the main trunk. It wouldn't be forced on GRUB 
users in any way -- we would just be giving them the option to use it. They 
would have to explicitly enable and set it up. As Jan said, the TPM is a 
passive device which can be used in any way we wish, and I don't see why 
using some of its features to create a more secure system is wrong.


PGP Key ID 6612FE85

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]