On Thu, 2007-05-10 at 14:33 +0100, Alex Hudson wrote:
> Simo - just to be clear, if we're talking specifically about the TC in
> Thinkpads, it might be theoretically possible to use them in such a
> scenario, but the way they come out of the factory it would be very
> difficult. There is no root certificate or chain of trust that you could
> turn on, nor any private key that Microsoft (or whoever) could use to
> sign a kernel that would be the only one allowed to boot. They basically
> come as empty containers.
>
> Of course, you could maybe ship a custom BIOS that uses the TPM chip in
> the Thinkpad to store keys that do check the boot software, but if
> you're doing that you don't actually need the TPM chip - you can do
> basically the same thing in the BIOS (witness the problems using non-IBM
> wifi cards in Thinkpads).
>
> And you're right, the proposed Palladium system is not what is in
> Thinkpads - different chip, different idea, and I don't for one second
> support that kind of scenario.
>
> I think people should be less concerned about supposed problems with TPM
> chips and more concerned with stuff like UEFI which actually does
> threaten users' control over their machines, e.g.:
>
> http://fosdem.org/2007/interview/ronald+g+minnich
>
> Unlike Palladium, you can actually buy hardware with this stuff in (for
> example, Macs).

I agree with you on every single word,
Simo.
