Trusted Boot in Fedora

夜神 岩男 supergiantpotato at yahoo.co.jp
Sun Jul 3 14:44:33 UTC 2011


On Wed, 2011-06-29 at 13:48 +0200, Björn Persson wrote:
> Miloslav Trmač wrote:
> > First, the TPM (nor the CPU) really can't tell the difference between
> > the owner of the computer and an author of a virus.
> 
> A jumper on the motherboard, or some other kind of physical circuit breaker, 
> can do that. It would have been possible to design the TPM to accept a new 
> master key only when a certain circuit is closed.

It would have been possible, but remember the purpose and history of
Trusted Computing (of which this is a fundamental part) before it hit
the commercial scene. Originally this was conceived as a way for
government workers of various types to be able to use secure computing
systems even *after* an unattended period. The whole concept is based on
finding a way to circumvent the first law of information security: "If
the attacker has physical access you don't have security." If a
circumvention jumper were designed into the system this would defeat the
purpose.

Today we are having this discussion in the commercial and private space
only because it is a technology the government already understands and
would therefore feel confident in designing anti-circumvention
legislation around to suit the needs of the pro-DRM folks. It has the
added benefit that a red herring "security for everyone" argument can be
made to support the concept of including DRM enablers into all digital
devices in the commercial space. Of course, the TPM piece being an
Intel-only standard and the software behind it being a black-box set of
processes undercuts the non-DRM commercial hype at the root. This being
naturally of benefit to Intel far more than it is of benefit to anyone
interested in actually knowing what their system is up to (one phrase
for that is "information security") is easy to overlook.

The idea that government interest is still driving this is a bit shallow
-- there are already functionally identical systems which have been
fielded (and the customer in this case, who really is concerned with
complete security, does not have the handicap of being made to trust any
black-box processes at any level, anywhere) and I've already attempted
to place this discussion in perspective elsewhere. In short, this is a
step toward DRM of a sort nobody can quite fathom yet. Ultimately it
will prove to be scary to the point that I seriously feel it will be
dropped in the commercial space and media providers (and Microsoft) will
simply have to evolve or get eaten by whoever else does first.

-Iwao
