Re: Windows 11 VMs

Tim writes:

 > I reckon the default thought of most people who're suddenly faced with
 > a computer failing a security test is not going to be that something
 > has changed on them without authority, but that something has gone
 > wrong.  They're going to try and reset something, rather than work out
 > if they've been compromised.

Indeed.  Pragmatically speaking, I don't think they're wrong, do you?

Patrick writes:

 > I think much depends on what the TPM is used for. Certainly if the
 > user takes care not to subvert the intention, it can reasonably be
 > used to ensure that only trusted software is run.

"Pragmatically speaking ..." ;-)  Seriously, I think TPM mostly makes
sense with VMs.  People who write programs are generally going to be
very unhappy with the amount of kissing up to the TPM they have to do.
Like, on Mac every time LLVM releases a new version of the debugger I
have to go through the self-signing dance.  So far I have been
satisfied with the results every time (there really are new features
or performance improvements), but it's infrequent enough that I have
no memory of the procedure, let alone muscle memory.

 > OTOH, I think one application of TPM (at least when originally
 > proposed) was to prevent the user from bypassing DRM, in which case
 > the trust goes in the other direction and the situation is
 > different.

Yeah, there was a *lot* of angst about potential DRM applications at
the time.  I'm willing to bet it's possible to distinguish a hardware
TPM from a software TPM for that application, though.  I didn't look
hard enough to see if the Xen folk had proposed a protocol to get a
token from the hardware TPM to vouch for a VM in that case.

Steve
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx