[Fwd: Re: sad treacherous computing day]

• Previous message (by thread): [Fwd: Re: sad treacherous computing day]
• Next message (by thread): [Fwd: Re: sad treacherous computing day]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2007-05-10 at 14:33 +0100, Alex Hudson wrote:

> Simo - just to be clear, if we're talking specifically about the TC in
> Thinkpads, it might be theoretically possible to use them in such a
> scenario, but the way they come out of the factory it would be very
> difficult. There is no root certificate or chain of trust that you could
> turn no, nor no private key that Microsoft (or whoever) could use to
> sign a kernel that would be the only one allowed to boot. They basically
> come as empty containers.
> 
> Of course, you could maybe ship a custom bios that uses the TPM chip in
> the Thinkpad to store keys that do check the boot software, but if
> you're doing that you don't actually need the TPM chip - you can do
> basically the same thing in the BIOS (witness the problems using non-IBM
> wifi cards in Thinkpads).
> 
> And you're right, the proposed Palladium system is not what is in
> Thinkpads - different chip, different idea, and I don't for one second
> support that kind of scenario.
> 
> I think people should be less concerned about supposed problems with TPM
> chips and more concerned with stuff like UEFI which actually does
> threaten users' control over their machines, e.g.:
> 
> 	http://fosdem.org/2007/interview/ronald+g+minnich
> 
> Unlike Palladium, you can actually buy hardware with this stuff in (for
> example, Macs).

I agree with you on every single word,
Simo.

• Previous message (by thread): [Fwd: Re: sad treacherous computing day]
• Next message (by thread): [Fwd: Re: sad treacherous computing day]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]