[Fwd: Re: sad treacherous computing day]
Alex Hudson
home at alexhudson.com
Thu May 10 13:33:23 UTC 2007
On Thu, 2007-05-10 at 09:12 -0400, simo wrote:
> On Thu, 2007-05-10 at 14:46 +0200, arc wrote:
> > Consider the fact that the majority of people unaware of this dangers
> > are Windows users, not GNU users.
> >
> > And tc in combination with proprietary software... you know. :)
>
> The TC in ThinkPads need proprietary software do be really dangerous,
> but that's not the TPM Stallman fears. That's Palladium (or whatever the
> last name) where even Free Software wouldn't make any difference,
> because the control starts at boot in hardware before any software is
> loaded.
Simo - just to be clear, if we're talking specifically about the TC in
Thinkpads, it might be theoretically possible to use them in such a
scenario, but the way they come out of the factory it would be very
difficult. There is no root certificate or chain of trust that you could
turn no, nor no private key that Microsoft (or whoever) could use to
sign a kernel that would be the only one allowed to boot. They basically
come as empty containers.
Of course, you could maybe ship a custom bios that uses the TPM chip in
the Thinkpad to store keys that do check the boot software, but if
you're doing that you don't actually need the TPM chip - you can do
basically the same thing in the BIOS (witness the problems using non-IBM
wifi cards in Thinkpads).
And you're right, the proposed Palladium system is not what is in
Thinkpads - different chip, different idea, and I don't for one second
support that kind of scenario.
I think people should be less concerned about supposed problems with TPM
chips and more concerned with stuff like UEFI which actually does
threaten users' control over their machines, e.g.:
http://fosdem.org/2007/interview/ronald+g+minnich
Unlike Palladium, you can actually buy hardware with this stuff in (for
example, Macs).
Cheers,
Alex.
More information about the Discussion
mailing list