On 24/06/11 20:49, Miloslav Trmač wrote:
On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <aph(a)redhat.com>
wrote:
> What I don't understand is why this feature requires a binary blob.
> Surely whatever northbridge code is required can be free software,
> Is this just security through obscurity?
The purpose of the blob is to "measure" the system state; only the
blob (and hardware reset) is allowed to restart the "measuring"
process in the TPM. For this to work securely, the blob must be
signed by someone that the TPM itself trusts - otherwise an attacker
could replace the blob by something that lies about the system state.
So, from a standpoint of hacking, it doesn't matter - users won't have
the practical freedom to modify the blob anyway because they can't
sign it.
What we're saying, then, is that the TPM doesn't trust the owner of
the computer, but its manufacturer. It's impossible for a user to
decide who they trust.
Surely, from a Fedora standpoint, this is a complete non-starter.
Andrew.