sad treacherous computing day

Tue May 8 22:36:26 UTC 2007

On Wed, 2007-05-09 at 00:17 +0200, Alfred M. Szmidt wrote:
> But you show a great example of
> another reason why TC is evil: users cannot install local software,
> since local software is not signed, it cannot be run.  If a user can
> insert a unsigned program that is run, they can insert trojans,
> keyloggers and what not.

I'm not sure why local users being able to install software
automatically means that they can make a machine physically insecure; I
don't think that follows at all - I would consider a user being able to
insert a trojan to be a security bug. But anyway, it's possible to
secure an operating system with TPM-type tech and still allow people to
run whatever software they want.

It's still pretty difficult for a technology to be intrinsically evil.
You might care about local users; as the only user on my laptop I care
more about people not being able to access my data if it gets stolen for
example, or preventing other people running software on my firewall. 

Of course there are other ways of doing this, but supporting the feature
in hardware is useful in the same way virtual memory has benefits over
co-operative multitasking (and drawbacks).

> I find the GPG card (or whatever it is called) quite different from
> TC, it doesn't prohibit you from running things.  And this is the
> sole, and _only_ goal of TC, to control who can run what, via hardware
> so that others cannot decide what they will do.

I'm not sure that's an accurate comparison. A TPM chip is simply a
generic mechanism for safely storing private keys, passwords, etc. -
which isn't that different to a GPG card. The use cases are slightly
different because a GPG card is a portable and separate token, whereas
the TPM is built in.

But at the end of the day, it's a piece of hardware which can do useful
things and (in my case) has free software drivers under my control.
There are worse problems in the world.

Cheers,

Alex.