Re: TPM chip and Grub bootloader

2007-06-01 Thread Klaus Weiss
Hi, sorry for the last mail, my younger sister was playing with my computer... -- GNU Maintainer (uid:klausweiss) Free Software - Free as in Freedom ___ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel

Re: TPM chip and Grub bootloader

2007-06-01 Thread Klaus Weiss
hallo bist cool Am Donnerstag, den 31.05.2007, 01:28 +0200 schrieb Stefan Reinauer: > * Robert Millan <[EMAIL PROTECTED]> [070530 15:18]: > > IOW, no matter who the keys belong to, the problem is there's a component in > > the hardware I paid for that is hostile to me, which contains keys that I >

Re: TPM chip and Grub bootloader

2007-05-31 Thread Stefan Reinauer
* Marco Gerards <[EMAIL PROTECTED]> [070531 18:40]: > > You do not need a TPM based system. Todays BIOSes prohibit flashing > > anything not signed by the vendor using SMI and hardware lockdown > > mechanisms. You are locked out already, even though you might not care > > or know yet. > > That sou

Re: TPM chip and Grub bootloader

2007-05-31 Thread Marco Gerards
Stefan Reinauer <[EMAIL PROTECTED]> writes: > * Robert Millan <[EMAIL PROTECTED]> [070530 15:18]: >> IOW, no matter who the keys belong to, the problem is there's a component in >> the hardware I paid for that is hostile to me, which contains keys that I >> cannot retrieve (good, because of securi

Re: TPM chip and Grub bootloader

2007-05-31 Thread Robert Millan
On Thu, May 31, 2007 at 12:45:10PM +0200, Patrick Georgi wrote: > As far as I know, this mechanism doesn't prevent you from creating > another root. (or just deleting the old one) No, but it stablishes a practice that it is ok to use someone else's root. When everyone starts doing this (and they

Re: TPM chip and Grub bootloader

2007-05-31 Thread Patrick Georgi
Robert Millan schrieb: IOW, no matter who the keys belong to, the problem is there's a component in the hardware I paid for that is hostile to me, which contains keys that I cannot retrieve (good, because of security), and refuses to use the keys on anything I want it to (bad, because it's inhere

Re: TPM chip and Grub bootloader

2007-05-30 Thread Stefan Reinauer
* Robert Millan <[EMAIL PROTECTED]> [070530 15:18]: > IOW, no matter who the keys belong to, the problem is there's a component in > the hardware I paid for that is hostile to me, which contains keys that I > cannot retrieve (good, because of security), and refuses to use the keys on > anything I w

Re: TPM chip and Grub bootloader

2007-05-30 Thread Robert Millan
On Fri, May 25, 2007 at 10:11:03AM -0500, Bruno Wolff III wrote: > On Fri, May 25, 2007 at 11:06:49 +0200, > Patrick Georgi <[EMAIL PROTECTED]> wrote: > > > > As so often, it can be used for, and against the user. Binding certain > > data to a machine (eg. certificates) and making it non-trivia

Re: TPM chip and Grub bootloader

2007-05-30 Thread Robert Millan
On Fri, May 25, 2007 at 11:06:49AM +0200, Patrick Georgi wrote: > > As so often, it can be used for, and against the user. Do these chips support so-called "owner override" ? If they don't, then this tool contains logic specificaly designed to be used _against_ the user, and your argument that "

Re: TPM chip and Grub bootloader

2007-05-26 Thread Jerone Young
There are some patches floating around in the world for grub1 to use TPM. Actually you can find it here: http://sourceforge.net/projects/trustedgrub/ It is still being kept up as there was a release this month. This would be a good project to look at, if you have not already. On 5/24/07, karmo

Re: TPM chip and Grub bootloader

2007-05-25 Thread Bruno Wolff III
On Fri, May 25, 2007 at 11:06:49 +0200, Patrick Georgi <[EMAIL PROTECTED]> wrote: > > As so often, it can be used for, and against the user. Binding certain > data to a machine (eg. certificates) and making it non-trivial to get at > them. And the way to tell is who has the keys that are stor

Re: TPM chip and Grub bootloader

2007-05-25 Thread Patrick Georgi
Robert Millan schrieb: On Thu, May 24, 2007 at 01:41:31AM -0700, karmo wrote: hi i want to program Grub to use the TPM chip to load certified Operating System (like windows or redhat, it doesn't matterbut perhaps i will use a redhat versione). can you give me documents about how to do this?

Re: TPM chip and Grub bootloader

2007-05-24 Thread Robert Millan
On Thu, May 24, 2007 at 01:41:31AM -0700, karmo wrote: > > hi > i want to program Grub to use the TPM chip to load certified Operating > System (like windows or redhat, it doesn't matterbut perhaps i will use > a redhat versione). > can you give me documents about how to do this? Is that rela

Re: TPM chip and Grub bootloader

2007-05-24 Thread Julien Ranc
There already exist a patched version of Grub (not Grub 2, as far as I know), named TrustedGrub, available at this address : http://www.prosec.rub.de/trusted_grub.html I never tried it though, so I won't be able to assist you in using it. Hope that helps. 2007/5/24, karmo <[EMAIL PROTECTED]>: