On Fri, Apr 18, 2008 at 11:20:46AM -0700, Julian Blake Kongslie wrote:
>
> Sorry, but this message is confusing me. Having the TPM in my machine
> act as a cryptographic proxy on my behalf is the entire point of the
> TPM:
It's part of the point, but there's more to it. You can see evidence of that
in two facts:
- The TPM has a master key that the owner never gets a copy of. Not even
if she requests it to the vendor.
- The TPM refuses to sign things with its master key when it doesn't feel
like it. So if you want to use the TPM to emmit a certificate that
proves you're running Microsoft Windows, but you're not, the TPM will
refuse to help you.
> if the software stack has access to the SRK then attackers would
> prefer to attack dead swap space or temp files rather than the TPM
> itself.
Of course. But we're talking about the *owner* having control. The software
stack is not the only way the owner can control her own hardware. For example,
she could get a printed copy of the master key. Or there could be a
jumper/button in the TPM that overrides the restrictions I explained above
(So-called "owner override", which was proposed and rejected because "it was
against the purpose of providing TPMs" -- draw conclussions from what that
means).
> > The idea behind this is that you can be coerced into accepting that someone
> > else can spy on your computer (they call it "remote attestation"). When
> > enough users accept this form of blackmail, it will become impossible to
> > resist to it in practice.
>
> And this is the really confusing part. How can someone else spy on my
> computer because of my TPM? I can *voluntarily* enter into a remote
> attestation system, but to do that I would need to tell my peers the
> public key I will be using to sign the attestations; if I was so
> inclined, I could choose any key that I like for this purpose, and
> instruct the software on my machine to get the unencrypted PCRs from my
> TPM, modify their values as I saw fit, and sign that configuration
> instead.
>
> Even if the software that runs the remote attestation is honest (say,
> because I'm running some Windows-based scheme that I can't easily
> change), I can still elect to boot into Linux, authenticate to the TPM
> with the owner password, and ask it to perform whatever operations I
> want with whatever PCR configuration I want.
You think remote attestation is voluntary, but by its nature it cannot be
made voluntary. Voluntary means I can refuse to participate without giving
the challenger any information about my system. However, my refusal to
participate *IS* already information. In fact, if you add to it another
piece of information -- namely, the (future) fact that everyone has a
complete Treacherous stack --, what do you get? Right! You get the ability
to distinguish who is running your CrapWare 2000[tm] DRM program and who
isn't.
Which means that in the future (unless computer users reject it outright),
DRM proponents will have a very powerful tool in order to coerce everyone
into using the anti-features they put in their programs (which obviously
nobody *wants* to have, that's why they have to make it so confusing).
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call… if you are unable to speak?
(as seen on /.)
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
