Benno wrote:
BitLocker is software. It uses the TPM hardware to verify the boot process. (I'm trying to get more information on that.)
Hi Benno, Verifying the boot process is exactly the problem. Let's buy a machine, say it comes with Windows installed and the "bitlocked" feature on. Now let's install Linux, this installs a bootloader. Let's say the linux bootloader detects Windows and chain loads the Windows bootloader. Now the boot process into Windows was - BIOS - windows boot loader - windows and is now - BIOS - linux boot loader - windows boot loader - windows So if TPM works at all then Windows will spit the dummy and declare that the boot process has been compromised. You can also make a similar argument about the partition table: decreasing the size of the Windows volume should lead to the TPM informing Windows that it has been compromised. This unfortunately does away with the simple hack of allowing dual booting by restoring the Windows' boot loader when wanting to run Windows. The only way out is for some mechanism for Windows to be reauthorised to the TPM after Linux has been installed. I don't know enough about the TPM hardware API to know if Windows has to participate in this (eg, does the API return the checksum, or just an indication that the hardware and software are authorised). Cheers, Glen -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
