From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-163317-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 6E268138CCA
	for <garchives@archives.gentoo.org>; Mon, 30 Mar 2015 09:41:51 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 99B10E0942;
	Mon, 30 Mar 2015 09:41:40 +0000 (UTC)
Received: from mail-ig0-f176.google.com (mail-ig0-f176.google.com [209.85.213.176])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 61011E08FA
	for <gentoo-user@lists.gentoo.org>; Mon, 30 Mar 2015 09:41:39 +0000 (UTC)
Received: by igcxg11 with SMTP id xg11so66893587igc.0
        for <gentoo-user@lists.gentoo.org>; Mon, 30 Mar 2015 02:41:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date:message-id:subject
         :from:to:content-type;
        bh=gPzEZc/4p2vMTLcZ3D4GoqNfHingPVI9Z1IZJdWNeJE=;
        b=uO0fTyOlyV1eUSjfRB3WgJmOE/RmzZxA+QdRgO9Votd58PWkNEQmODXvASZIbA9vnl
         BLqUIX6aIFNxEG+qAzzV+5B9Rr3ZjKScwnK63Cg4wNztnHuYz4xe0Mu4yl6Qt/fJYHVu
         GaVeNtkX4oAKGCMpYp8aM0DuBDG7rQjRx+toNoPCDHd5vbKPqdWBhsTCWBuFM6W1ujzg
         5yUMxX6qOThdVjGgDjNZYJc4kbEYbqH58Wt1JB/1spDuWs2lbcwHE4pGac1e3Ht6SeNU
         HJ70OrgWMFbJY+Tvq6+oxJNgxhiUsOgeYIUsMO27TR9ueRSfFKqxvokl+5moN5s1cwyK
         cS4g==
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.43.14.10 with SMTP id po10mr58460250icb.64.1427708498685;
 Mon, 30 Mar 2015 02:41:38 -0700 (PDT)
Sender: freemanrich@gmail.com
Received: by 10.107.48.198 with HTTP; Mon, 30 Mar 2015 02:41:38 -0700 (PDT)
In-Reply-To: <201503300910.05657.michaelkintzios@gmail.com>
References: <20150321152656.a82a84b3e8a32c8b68554548@gmail.com>
	<20150330003221.GA12204@waltdnes.org>
	<CAGfcS_ndrxrahHr=T_=NX7s9OXCxo=3nFvDTpPVhczFdw9HeRQ@mail.gmail.com>
	<201503300910.05657.michaelkintzios@gmail.com>
Date: Mon, 30 Mar 2015 05:41:38 -0400
X-Google-Sender-Auth: rNYUgFC6QJZ9P8EeoiRjgBEYtY8
Message-ID: <CAGfcS_=LS12wxYmY1bpjaCdVD5wqZWkDb=-qxNLBHcJk-zZ=Sg@mail.gmail.com>
Subject: Re: [gentoo-user] How to poweroff the system from user?
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: 74f3d544-089f-4f1d-8eac-b7649647b0b6
X-Archives-Hash: 26da35339cbd0792d161d2f7a3d57b19

On Mon, Mar 30, 2015 at 4:09 AM, Mick <michaelkintzios@gmail.com> wrote:
> On Monday 30 Mar 2015 01:52:14 Rich Freeman wrote:
>> On Sun, Mar 29, 2015 at 8:32 PM, Walter Dnes <waltdnes@waltdnes.org> wrote:
>> >   Be careful what you wish for.  I have my doubts that TPM chips would
>> >
>> > boot linux with Microsoft offering "volume discounts" to OEMS.  Call me
>> > cynical.
>>
>> TPM chips don't control what boots.  They just accept the hash of the
>> bootloader reported by the firmware and store it (and that is it as
>> far as the OEM's contribution to the process).
>
> Rich, the problem with TPM as I understand it is that the private key in the
> TPM chip is not yours, generated on your trusted platform, but the TPM
> manufacturer's and is burned into the TPM chip at the time of production.  If
> the TPM OEMs are in US or within the sphere of influence of the US, then I
> would consider this key as good as compromised.

As far as I'm aware, using a TPM for full-disk encryption does not
rely on any keys pre-installed in the TPM.  Typically you install your
own key or have the TPM generate one for you.  All the TPM does is
refuse to divulge the key unless the firmware reported that the
bootloader hash matches what you told it to look out for, and the
bootloader reported that the kernel hash matches what you told it to
look for (and you can go beyond that, but only if you are using a
distro that signs its userspace, which I believe is a direction RedHat
is going).

However, if the TPM or firmware has a back-door, then I'll certainly
grant that the NSA can read your hard drive.  They don't even need to
compromise the TPM - the firmware alone is capable of compromising the
trusted boot path.  It just needs to tell the TPM that it booted your
trusted bootloader when it really booted something else.

Securing your system isn't really about keeping the NSA out.  If they
want in, they're probably already in.  Sure, it might be
hypothetically possible to keep them out, but it would take far more
effort than almost anybody is going to be willing to put in.  A TPM
will likely do a very effective job at keeping the 99.9999999% of
people on the Earth who aren't the NSA out, which seems to be good
enough for just about every company on the planet, since most secure
their laptops with TPMs.

-- 
Rich