On Thu, 19 Feb 2009 16:05:10 +0100 phcoder <phco...@gmail.com> wrote:
> Personally if tpm support is merged into mainline grub2 I'll stop using > it. However what you request doesn't need tpm. Authenticity of modules, > configuration files and so on can be verified by one of 4 methods: > 1) internal signatures > 2) file in signed gpg container > 3) detached signatures > 4) signed hash file While TPM may open a door for corporations to prevent machine owners from having control over their machines, in this instance I do not see another way to solve Alex's problem. To restate the problem: 1. The disk must be encrypted. 2. The system must be able to boot without human interaction. That is, a user cannot be prompted for a passphrase or key. The solution using TPM, as I understand it, essentially puts the encryption key into tamper-resistant memory in the TPM module, and supports integrity verification of the system, including the software on the hard disk, at load time. It sounds like any solution to problem points (1) and (2) would require some sort of tamper-resistant module to store the key and handle the first level of verification (to verify the initial code loaded from disk). From that point on, the verified boot sector code can read the encryption key and verify the next-higher level of software, and so on. The evil part of TPM seems to be when a person buys a computer but the computer is locked down with a key not provided to the buyer. Regards, Colin _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
