On Fri, Apr 18, 2008 at 02:07:12PM +0200, Laurent Dufréchou wrote:
> Yeah I see what you mean, and I agree a lot. I got a TPM chip in my
> computer that I could use to encrypt my hard disk but I will never use it as
> I don't have access to all the thing.
> In fact what I'm asking is for a special use case.
> My use case is that I provide an embedded computer running Linux operating
> system, and I want to be sure that the whole system that I can't remotely
> manage isn't corrupted to its task.
> In this case I'm in the case of the "Hostile party Bad Guy wanting to
> measure you" ;).
> I think TPM chip can only be used for that. Not for like they claim to give
> to classical user a trusted computer.
> I want to use it to trust MY computer used by another guy (that can be an
> attacker). (industry market, not consumer one)
> I think in this use case it is ethically correct as I try to measure and
> ensure my system is not corrupted. (Must be the only case where TPM chip are
> good at :) )

I believe you can accomplish that by booting the system from USB. Just point
your /boot partition to a USB stick, then encrypt the hard drive. Then use the
stick as a "key" that is never left to untrusted hands (or, at most, is only
copied from a master, known-untampered key).

This would allow you to have security without making yourself dependent on
such kind of nasty technology.

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call… if you are unable to speak?
(as seen on /.)

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel