Re: TPM chip and Grub bootloader

[Robert Millan]

On Thu, May 31, 2007 at 12:45:10PM +0200, Patrick Georgi wrote:
> As far as I know, this mechanism doesn't prevent you from creating 
> another root. (or just deleting the old one)

No, but it stablishes a practice that it is ok to use someone else's root.

When everyone starts doing this (and they WILL do this since someone else
will take the decision for them), that practice will become standard, then
I am being labeled as "not clear" by omission if I insist in using my own
root instead of someone else's.

An example: if a website requires that you must use Internet Explorer to view
it, and uses a TPM scheme to get clients to prove they're using IE, there's
nothing I can do to visit this website, other than using IE.  Before Treacherous
Computing, such kind of lockdown was impossible to accomplish.

I don't deny that this technology could be oriented towards legitimate uses,
becoming Trusted Computing rather than Treacherous.  But this may only come
when everyone stops the pretension that a TPM system that can be used with
someone else's root and doesn't provide any backdoor for owner with physical
access is indeed agnostic about good and evil.  We'll see that when they
start selling preconfigured TPMs where root belongs to a mallicious 3rd
party (if they aren't doing that already).

-- 
Robert Millan

My spam trap is address@hidden  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.