[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM chip and Grub bootloader

From: Robert Millan
Subject: Re: TPM chip and Grub bootloader
Date: Wed, 30 May 2007 15:18:41 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

On Fri, May 25, 2007 at 10:11:03AM -0500, Bruno Wolff III wrote:
> On Fri, May 25, 2007 at 11:06:49 +0200,
>   Patrick Georgi <address@hidden> wrote:
> > 
> > As so often, it can be used for, and against the user. Binding certain 
> > data to a machine (eg. certificates) and making it non-trivial to get at 
> > them.
> And the way to tell is who has the keys that are stored on the TPM chip.
> If it is use, then things are good. If it is someone else, then things
> are bad.

That's a missconception.  It's not the fact that a CA has a master key that
makes this system a threat, it's the fact that when someone else has that
key, there's no way for the owner to use physical access to become the root
of the trust chain and make his own computer sign anything he wants.

IOW, no matter who the keys belong to, the problem is there's a component in
the hardware I paid for that is hostile to me, which contains keys that I
cannot retrieve (good, because of security), and refuses to use the keys on
anything I want it to (bad, because it's inherently an abusive tool).

That, of course, unless owner override feature is present.  Then it's a whole
different story.

Robert Millan

My spam trap is address@hidden  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]