On Tue, Oct 23, 2007 at 04:21:59PM -0500, Andrei E. Warkentin wrote: > >>I think the SELinux people might object to that. One of the biggest > >>problems with security in Linux is that the Linux kernel is not and > >>cannot be the core root of trust, as it is by far not the first thing > >>running and is not located on unmodifiable medium. > > > >How can you trust your BIOS if you can't even read its source code, > >let > >alone verify it was built from it? > > > > I agree. Which also, ultimately, why I think legacy BIOS is dead.
It has nothing to do with legacy; you're in the same situation with EFI. And even with LinuxBIOS. A third party signs binaries and tells you they're safe; that's all you have. > TC is a technology. Like all technology, it has both benign and > malignant and antisocial usage cases. I can make arguments like these too: "A cluster bomb is a technology. Like all technology, it has both benign and malignant and antisocial usage cases." Although every time I heard of someone using cluster bombs it involved mass murder of civilians. Why? Well, to quote Bernard Baruch: "If all you have is a hammer, everything looks like a nail." TC *could* have been designed to serve only benign (but useless) purposes rather than mallicious ones. This would be the case if they included the so-caled owner override mechanism, but this mechanism was rejected. Without this mechanism, remote attestation works automatically due to network effects. Which is fine when you actually want someone else to spy on you, but is not that nice when you don't. > I use a kitchen knife to dice > veggies for food, while a psycho might use it to stab a room of > people. Does this make kitchen knives somehow less desirable within > society? I don't think so. Same goes for TC. So far noone has found a practical way to design knives in a way they can only be used to cut beef or pork but not to cut someone else's throat. If this was possible, I'm sure it'd have been done. Your argument does not apply to TC, where the way to do that has already been found and proposed (and rejected). Besides, given that the benign uses are mostly useless, one can only speculate on why they are being advertised at all. Surely this marketing approach has to serve a purpose. > Implementing third party access is very different from being able to > perform system measurements in the first place. Given a desire to > specifically combat antisocial usage scenarios of TC, there is > nothing stopping someone from NOT HAVING the 3rd party inspection > interfaces in the first place. Or to turn them off. This doesn't > affect secure boot or the use of a TPM to ensure system integrity. Ok, I want to turn them off. So when someone wants to perform 3rd party inspection on me, my TC chip will allow me to lie to them and make them believe I'm running Microsoft Internet Explorer. How can I do that? The chip won't let me. And it turns out it has physical self-destruction mechanisms in case I attempt to tamper it. Anything else I can try? -- Robert Millan <GPLv2> I know my rights; I want my phone call! <DRM> What use is a phone call, if you are unable to speak? (as seen on /.) _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
