David wrote:
Scott Gifford wrote:
David <[EMAIL PROTECTED]> writes:
Jimmy Wu wrote:
[...]
(2) Does Debian support TPM chips? What is the community's take on
the issue?
My take is that TPM does have some security merits, but it also has a
lot of potential for abuse.
Google turned up these results of the beginnings of TPM support in
Linux:
http://www.linuxelectrons.com/news/linux/15574/ibm-brings-trusted-computing-linux
http://lwn.net/Articles/144681/
Never on my machine.
TPM is actually pretty interesting from a security perspective. It
has nothing to do with ID on the Internet,
What articles there are on the subject state that network validation
is a feature.
but instead uses a chain of
certificates to verify that the code you're booting is what's
configured in the TPM settings. If you get a boot sector virus, your
computer won't boot because it doesn't match what's expected. If your
box gets owned and the kernel hacked to hide the intruder, it will
stop booting because the kernel won't match what's expected. If your
applications are modified by an attacker, they won't run because they
aren't what's expected.
The big question that determines whether this is a giant security win
or a huge loss of control is who gets to configure TPM. If it's you,
great, you can decide what OS to trust, etc. But if it's the
manufacturer, then you've lost control over what you can boot, which
is awful.
I feel safe in predicting the outcome now.
All FOSS advocates are in love with IBM at the moment, forgetting that
IBM once occupied that portion of the market that Microsoft are
currently trying to regain/retain with their flawed OOXML ISO
application, and were every bit as ruthless.
It doesn't seem clear to me yet which will be prevalent.
Also, it's not clear what this will do for reliability. Will minor,
correctable corruption become complete breakage?
I find it hard to see how you could have one without the other.
Write a small modification script and your system doesn't operate
anymore.
Corporate supplied software only.
Written by licenced programmers only.
More than one way to skin a cat.
The OOXML and TCM aspects seem to have the same potential in common.
Control, and the corporate ideal of dictating to the marketplace.
Time will tell, I
guess.
I don't intend to sit on my hands.
I've just bought a couple of Bruce Schneier's books and intend to
explore other directions of the cryptographic ilk also.
Not just because of TCM or because I'm a member of Al Quaida, but
because I have a basic existential right to a private, personal
existence.
I don't feel that I need either Microsoft or IBM to make decisions on
what I should or shouldn't have on my own box.
If they began to do so, which it appears they have, I should have to
suspect their motives.
I feel quite confident in my own abilities to make any and all
decisions on my personal existence, thanking them very politely anyway.
Regards,
That kind of "freedom talking" will get you marked as a radical!! Next
thing you know, you will be talking about "source code". I think we
need to watch you!
--
Damon L. Chesser
[EMAIL PROTECTED]
404-271-8699
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
