First of all, you can write anything in specifications. Real chips don't
necessarily follow specifications. It's even said that it's "optional".
Secondly, this certificate makes regenerating worthless. Companies
coercing you into using their software may challenge you to use a signed
public key. Then you still have a choice to regenerate your key, but it's
simply equivalent to "but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all." It's
equivalent to just smashing your TPM.
Regards
Vladimir 'phcoder' Serbinenko
Alex Besogonov wrote:
On Sat, Feb 21, 2009 at 3:51 PM, Robert Millan <r...@aybabtu.com> wrote:
- An override button that's physically accessible from the chip can be
used to disable "hostile mode" and make the TPM sign everything. From
that point physical access can be managed with traditional methods (e.g.
locks).
But they didn't.
And actually, they did.
================================
New flexibility in EKs. In the 1.1b specification, endorsement keys
were fixed in the chip at manufacture. This allowed a certificate to be
provided by the manufacturer for the key. However, some privacy
advocates are worried about the EK becoming a nonchangeable identifier
(in spite of all the privacy controls around it, which would make doing
this very difficult). ***As a result, the specification allows a
manufacturer to allow the key to be removed by the end user and
regenerated.*** Of course the certificate at that point would become
worthless, and it could be very expensive for the end user to get a new
certificate.
================================
https://www.trustedcomputinggroup.org/specs/TSS/TSS_1_2_Errata_A-final.pdf
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel