On Sat, Feb 21, 2009 at 3:51 PM, Robert Millan <address@hidden> wrote:
- An override button that's physically accessible from the chip can be
used to disable "hostile mode" and make the TPM sign everything. From
that point physical access can be managed with traditional methods (e.g.
locks).
But they didn't.
And actually, they did.
================================
New flexibility in EKs. In the 1.1b specification, endorsement keys were fixed in the chip at manufacture. This allowed a certificate to be provided by the manufacturer for the key. However, some privacy advocates are worried about the EK becoming a nonchangeable identifier (in spite of all the privacy controls around it, which would make doing this very difficult). ***As a result, the specification allows a manufacturer to allow the key to be removed by the end user and regenerated.*** Of course the certificate at that point would become worthless, and it could be very expensive for the end user to get a new certificate.
================================
https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf
_______________________________________________
Grub-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/grub-devel