Re: TPM support with SATA drives

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM support with SATA drives

From:	Chris Knadle
Subject:	Re: TPM support with SATA drives
Date:	Sat, 26 Apr 2008 22:58:14 -0400
User-agent:	KMail/1.9.9

On Saturday 19 April 2008, Robert Millan wrote:
> You think remote attestation is voluntary, but by its nature it cannot be
> made voluntary.  Voluntary means I can refuse to participate without giving
> the challenger any information about my system.  However, my refusal to
> participate *IS* already information.  In fact, if you add to it another
> piece of information -- namely, the (future) fact that everyone has a
> complete Treacherous stack --, what do you get?  Right!  You get the
> ability to distinguish who is running your CrapWare 2000[tm] DRM program
> and who isn't.
>
> Which means that in the future (unless computer users reject it outright),
> DRM proponents will have a very powerful tool in order to coerce everyone
> into using the anti-features they put in their programs (which obviously
> nobody *wants* to have, that's why they have to make it so confusing).

   I think you're right about TPM, Robert.  :-/

   I recently acquired a laptop that came with a TPM chip; thankfully I was 
aware of what TPM was indended to be used for and had read warnings on the 
matter from privacy advocates.  The laptop came with Vista preloaded, which 
asked a vague [and perhaps intentionally misleading] question, something 
along the lines of: "This device has a TPM chip which has not yet been 
activated, would you like to activate it now?  It will help security if you 
do."  [To which I answered NO.]

   And in the BIOS settings, sure enough there are some TPM feature settings 
that are very clearly not to the benefit of the user/owner:

   Security Reporting Options: (each below has enable/disable option)
      BIOS ROM String Reporting
      ESCD Reporting
      CMOS Reporting
      NVRAM Reporting
      SMBIOS Reporting
   Clear Security Chip (enable/disable)
      Note says: "It will not be possible to access already-encrypted data
                  after these keys are cleared"

   I think it's pretty clear that the intent is to report the above 
information to the OS manufacturer rather than to the user or owner.

   -- Chris

-- 

Chris Knadle
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

TPM support with SATA drives, Laurent Dufréchou, 2008/04/18
- Re: TPM support with SATA drives, Robert Millan, 2008/04/18
  - Re: TPM support with SATA drives, Julian Blake Kongslie, 2008/04/18
    - RE: TPM support with SATA drives, Laurent Dufréchou, 2008/04/18
    - Re: TPM support with SATA drives, Robert Millan, 2008/04/19
    - Re: TPM support with SATA drives, Robert Millan, 2008/04/19
    - Re: TPM support with SATA drives, Chris Knadle <=
- Re: TPM support with SATA drives, Robert Millan, 2008/04/18
  - Re: TPM support with SATA drives, Laurent Dufréchou, 2008/04/18
    - Re: TPM support with SATA drives, Robert Millan, 2008/04/18
  - Re: TPM support with SATA drives, Laurent Dufrechou, 2008/04/18
  - Re: TPM support with SATA drives, Laurent Dufrechou, 2008/04/18
    - Re: TPM support with SATA drives, Robert Millan, 2008/04/18
- Re: TPM support with SATA drives, Robert Millan, 2008/04/20

Prev by Date: grub2-1.96.src.rpm
Next by Date: Re: grub2: symlink on reiserfs: error: file not found SOLVED
Previous by thread: Re: TPM support with SATA drives
Next by thread: Re: TPM support with SATA drives
Index(es):
- Date
- Thread