From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] How to poweroff the system from user?
Date: Mon, 30 Mar 2015 09:00:21 +0100

On Monday 30 Mar 2015 01:32:21 Walter Dnes wrote:
> On Sun, Mar 29, 2015 at 03:30:07PM -0400, Rich Freeman wrote
>
> > With TPM, full-disk encryption, and a verified boot path, you could
> > actually protect against that scenario (they'd have to tear apart the
> > TPM chip and try to access the non-volatile storage directly, and the
> > chips are specifically designed to defeat this). Secure boot would
> > not hurt either (with your own keys). Of course, they could still try
> > to hack in via USB/PCI/etc, or plant keyloggers and such. I'm not
> > suggesting physical security isn't important. It just isn't a good
> > reason to completely neglect console security.
>
> Be careful what you wish for. I have my doubts that TPM chips would
> boot linux with Microsoft offering "volume discounts" to OEMS. Call me
> cynical.

Well, yes, post Snowden revelations we can reasonably suspect that the TPM
OEMs have degraded the randomness of the chip sufficiently for spooks to be
able to crack your keys.
--
Regards,
Mick