David Wagner wrote:
> Ben Laurie wrote:
> 
>>Mike Rosing wrote:
>>
>>>The purpose of TCPA as spec'ed is to remove my control and
>>>make the platform "trusted" to one entity.  That entity has the master
>>>key to the TPM.
>>>
>>>Now, if the spec says I can install my own key into the TPM, then yes,
>>>it is a very useful tool.
>>
>>Although the outcome _may_ be like this, your understanding of the TPM 
>>is seriously flawed - it doesn't prevent you from running whatever you 
>>want, but what it does do is allow a remote machine to confirm what you 
>>have chosen to run.
>>
>>It helps to argue from a correct starting point.
> 
> 
> I don't understand your objection.  It doesn't look to me like Rosing
> said anything incorrect.  Did I miss something?
> 
> It doesn't look like he ever claimed that TCPA directly prevents one from
> running what you want to; rather, he claimed that its purpose (or effect)
> is to reduce his control, to the benefit of others.  His claims appear
> to be accurate, according to the best information I've seen.

The part I'm objecting to is that it makes the platform trusted to one 
entity. In fact, it can be trusted by any number of entities, and you 
(the owner of the machine) get to choose which ones.

Now, it may well be that if this is allowed to proceed unchecked that in 
practice there's only a small number of entities there's any point in 
choosing, but that is a different matter.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
