Robert Millan wrote:
Private part of the endorsement key _never_ leaves the device (if
manufacturer uses the recommended TPM_CreateEndorsementKeyPair
method). Even device manufacturer doesn't know it.
Even if that is true (which I doubt), it's merely incidental, because...
It's not really incidental. TCG was initially started as a group to
develop trusted computing platform. MS later tried to hijack it to
realize their wet dream of locked-down computer.
Public key is then
signed by manufacturer's certificate. This ensures that the private
key can't be compromised.
...this ensures that $evil_bob can challenge you to prove you're running
his proprietary anti-user software.
So I won't be able to answer $evil_bob challenge in any case, since I'm
mostly running Linux now.
The question is, will it be practical for you to do disable the TPM a few
years from now?
(I think yes, but that's not the point)
--
With respect,
Alex Besogonov (cybe...@staffdirector.net)
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
