Re: TPM support status ?

[Vladimir 'phcoder' Serbinenko]

On Wed, Aug 19, 2009 at 10:37 PM, Duboucher Thomas<address@hidden> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Vladimir 'phcoder' Serbinenko a écrit :
>> There is a point in keeping them - remote atestation. Why do I need
>> manufacturer to sign my key?
>
> No, the endorsement key pair is not used in remote attestation. Only to
> generate one time key pairs for ownership operations.
> The signature proves that the key was generated within the manufacturer
> infrastructure, and not by someone else using a fraudulent key
> generator. If the TPM is enabled to, you can reset the endorsement key
> pair and generate a new one (you can also create temporary pairs iirc);
> the only thing you'll be missing will be the manufacturer's signature
> (but you can use yours if you wishes to).
>
But why can't I generate my keys on first use? Or why do I need
manufacturer's signature?
>>> It's not against my words. I was telling that a malicious manufacturer
>>> can use a TPM to build a system where the BIOS is less likely to be
>>> modified. And if on top of this he uses this to protect the operating
>>> system ... These are use cases of TPM that _we_ don't want to see.
>> Unfortunately it's the cases it's designed for.
>
> No, it was designed as an hardware-based security for data, not
> exclusively for going against the end-user.
They have to propose something to make people accept it.
>> Without threat model we're speaking placebo.
>>
>
> Stoned Bootkit?
Cold boot?


-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git