On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley <aph@xxxxxxxxxx> wrote: > On 24/06/11 20:49, Miloslav Trmač wrote: >> On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <aph@xxxxxxxxxx> wrote: >>> What I don't understand is why this feature requires a binary blob. >>> Surely whatever northbridge code is required can be free software, >>> Is this just security through obscurity? >> >> The purpose of the blob is to "measure" the system state; only the >> blob (and hardware reset) is allowed to restart the "measuring" >> process in the TPM. For this to work securely, the blob must be >> signed by someone that the TPM itself trusts - otherwise an attacker >> could replace the blob by something that lies about the system state. <snip> > What we're saying, then, is that the TPM doesn't trust the owner of > the computer, but its manufacturer. It's impossible for a user to > decide who they trust. First, the TPM (nor the CPU) really can't tell the difference between the owner of the computer and an author of a virus. It's all just software. Second, every owner of a computer has to completely trust the manufacturer of the computer anyway - there are way too many ways the manufacturer can break the security of the system, e.g. backdoors in the CPU or motherboard, or hidden configurations of https://secure.wikimedia.org/wikipedia/en/wiki/Intel_AMT . Placing trust in the manufacturer of the hardware puts the user in no worse position than they were before. And the user, of course, still has full control over whether to use the TPM or not, and what to use it for. Mirek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
