Re: A _good_ and valid use for TPM

[Michael Gorven]

On Friday 20 February 2009 02:29:50 Jan Alsenz wrote:
> So in the end (after boot) you have a bunch of PCR values, that represent
> all the code and data, that was used to boot the system. If you have this
> and are sure, that the current configuration is correct, you have a
> reference value of the expected system state, which you can use for the
> following:
> - seal a key:
>       You can create a key with the TPM and "bind" it to specific values of 
> the
> PCRs, so it only en/decrypts with it, if these values match.
>       You can encrypt any kind of data with this, but the only useful thing 
> for
> boot is to encrypt a cryptographic key needed to further start the system.

Last year I implemented support for encrypted partitions in GRUB2 [1], which 
means that it can load kernels and ramdisks off encrypted partitions. TPM 
support in GRUB2 would allow the key to be stored in the TPM and only 
provided to GRUB once the system has checked that GRUB hasn't been tampered 
with.

TPM can be used for good or for bad, but this is the case for everything 
involving cryptography. We don't refuse to use encryption algorithms because 
they could be used for DRM, so why should we refuse to use TPM? TPM has the 
potential to make Linux even more secure.

Regards
Michael

[1] My work is yet to be merged into GRUB2.

-- 
http://michael.gorven.za.net
PGP Key ID 6612FE85
S/MIME Key ID AAF09E0E

signature.asc
Description: This is a digitally signed message part.