On Mon, Mar 30, 2015 at 4:09 AM, Mick <michaelkintz...@gmail.com> wrote: > On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote: >> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes <waltd...@waltdnes.org> wrote: >> > Be careful what you wish for. I have my doubts that TPM chips would >> > >> > boot linux with Microsoft offering "volume discounts" to OEMS. Call me >> > cynical. >> >> TPM chips don't control what boots. They just accept the hash of the >> bootloader reported by the firmware and store it (and that is it as >> far as the OEM's contribution to the process). > > Rich, the problem with TPM as I understand it is that the private key in the > TPM chip is not yours, generated on your trusted platform, but the TPM > manufacturer's and is burned into the TPM chip at the time of production. If > the TPM OEMs are in US or within the sphere of influence of the US, then I > would consider this key as good as compromised.
As far as I'm aware, using a TPM for full-disk encryption does not rely on any keys pre-installed in the TPM. Typically you install your own key or have the TPM generate one for you. All the TPM does is refuse to divulge the key unless the firmware reported that the bootloader hash matches what you told it to look out for, and the bootloader reported that the kernel hash matches what you told it to look for (and you can go beyond that, but only if you are using a distro that signs its userspace, which I believe is a direction RedHat is going). However, if the TPM or firmware has a back-door, then I'll certainly grant that the NSA can read your hard drive. They don't even need to compromise the TPM - the firmware alone is capable of compromising the trusted boot path. It just needs to tell the TPM that it booted your trusted bootloader when it really booted something else. Securing your system isn't really about keeping the NSA out. If they want in, they're probably already in. Sure, it might be hypothetically possible to keep them out, but it would take far more effort than almost anybody is going to be willing to put in. A TPM will likely do a very effective job at keeping the 99.9999999% of people on the Earth who aren't the NSA out, which seems to be good enough for just about every company on the planet, since most secure their laptops with TPMs. -- Rich
