On Thu, Aug 20, 2009 at 9:40 AM, Michael Gorven <mich...@gorven.za.net> wrote:
> On Wednesday 19 August 2009 22:44:18 Vladimir 'phcoder' Serbinenko wrote:
>> But why can't I generate my keys on first use? Or why do I need
>> manufacturer's signature?
>
> You don't.

Exactly. But the signature is there, which makes it possible to challenge the user to use the TPM without owning the system. For the user it doesn't matter whether the key is signed or not. If the TPM was supplied blank and the user could generate the keypair himself, then if he doesn't want to use the TPM he could generate a keypair in GnuPG and no one would be able to distinguish it from a TPM key. The owner would have a public key and he would know it's the key from the TPM because he himself generated and retrieved it. But do manufacturers do it that way?

> --
> http://michael.gorven.za.net
> PGP Key ID 1E016BE8
> S/MIME Key ID AAF09E0E
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel

--
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git