Folks:

If you can write a table of signatures to a pre-reserved location in BIOS
flash and then make the BIOS read-only, you can accomplish locally all of
the checking and attestation that TPM does. There are only two features of
TPM that can't be done this way.

First is the secure store. TPM will store on your behalf the encryption keys
to sensitive data. When this is applied to somebody else's data that is on
your machine, we call it DRM. When it is applied to *your* data, we call it
theft/inspection prevention. Both uses are DRM. The difference lies in whose
interests are protected. Unfortunately, we have no means to enable one
without enabling the other.

Given the problems that have been arising at national borders with laptop
inspections, inspection prevention may be very important to have in support
of personal liberty. At least in the U.S., the pattern at national borders
is in the process of being extended to law enforcement more broadly, and of
course, in many countries civil liberties are a matter of underground
resistance, and people are routinely killed for having unapproved
information on their computers. I suggest that freedom of information is
less important than freedom of person. It's not an either-or situation, and
the two are certainly connected. I simply point out that there are difficult
trade-offs to be considered here in the context of DRM.

The second is remote attestation. This is the one that lets us (within
limits defined by the cost of attack) build an end-to-end understanding of
configurations (therefore security) across machine boundaries. I've seen a
bunch of applications for this that seem entirely legitimate. It is probably
best if the user can turn attestation off, but this application of TPM does
not inherently threaten the propagation of information. Even in the
"information is free" model, I still have the right to decide not to tell
you something at all based on who I think you are.

Finally, I note that the entire debate about TPM/DRM has become irrelevant.
The clear fact is that customers voted against DRM on music etc. because it
was too cumbersome. Ultimately, enough of the hidden costs of DRM were very
apparent to the customers, and they simply stopped buying DRM-protected
music. Given that this is true, the presence of DRM support in the TPM
becomes a pretty silly thing to argue about, because the market apparently
will not "buy in" to the bad uses, and the good uses remain compelling.


shap
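As an added illustration of the first paragraph's local-checking claim (example code, not from the message or any firmware project): a reference table of digests stands in for the "table of signatures" in a read-only flash region, each boot stage is measured in order with a PCR-style extend, and the table is compared locally. The stage images, the SHA-256 choice, and the extend rule are assumptions constructed for the example.

```python
"""Local measured-boot check against a read-only reference table.

Added example: the stage images are constructed, and a table of SHA-256
digests is used as a simplification of the signature table the message
describes. What the flash table alone cannot give you is the second TPM
feature from the message: a remote party has no device-held key to trust,
so the final register value here is verifiable locally only."""
import hashlib

# Constructed stand-ins for firmware/bootloader images.
BOOT_STAGES = {
    "bootblock": b"bootblock-v1",
    "romstage": b"romstage-v1",
    "payload": b"payload-v1",
}

# Reference table written once to the pre-reserved flash region before
# that region is made read-only (assumption: SHA-256 hex digests).
REFERENCE_TABLE = {
    name: hashlib.sha256(img).hexdigest() for name, img in BOOT_STAGES.items()
}


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = H(old || digest). Order matters and no
    measurement can be dropped from the history once it is in."""
    return hashlib.sha256(register + digest).digest()


def verify_boot(stages, table):
    """Measure each stage in boot order and compare it with the table.

    Returns (ok, failing_stage, final_register). Verification stops at the
    first stage whose digest does not match; the register already holds
    the bad measurement, so the mismatch is recorded, not hidden."""
    register = b"\x00" * 32
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        register = extend(register, digest)
        if table.get(name) != digest.hex():
            return False, name, register
    return True, None, register


def expected_register(table, order):
    """Recompute the final register for a table in the given stage order."""
    register = b"\x00" * 32
    for name in order:
        register = extend(register, bytes.fromhex(table[name]))
    return register
```

A tampered payload fails at `"payload"` while the earlier stages still pass, which is exactly the local property the read-only table provides.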