On Thu, 2007-05-10 at 09:12 -0400, simo wrote:
On Thu, 2007-05-10 at 14:46 +0200, arc wrote:
Consider the fact that the majority of people unaware of this dangers are Windows users, not GNU users.
And tc in combination with proprietary software... you know. :)
The TC in ThinkPads need proprietary software do be really dangerous, but that's not the TPM Stallman fears. That's Palladium (or whatever the last name) where even Free Software wouldn't make any difference, because the control starts at boot in hardware before any software is loaded.
Simo - just to be clear, if we're talking specifically about the TC in Thinkpads, it might be theoretically possible to use them in such a scenario, but the way they come out of the factory it would be very difficult. There is no root certificate or chain of trust that you could turn no, nor no private key that Microsoft (or whoever) could use to sign a kernel that would be the only one allowed to boot. They basically come as empty containers.
Of course, you could maybe ship a custom bios that uses the TPM chip in the Thinkpad to store keys that do check the boot software, but if you're doing that you don't actually need the TPM chip - you can do basically the same thing in the BIOS (witness the problems using non-IBM wifi cards in Thinkpads).
And you're right, the proposed Palladium system is not what is in Thinkpads - different chip, different idea, and I don't for one second support that kind of scenario.
I think people should be less concerned about supposed problems with TPM chips and more concerned with stuff like UEFI which actually does threaten users' control over their machines, e.g.:
http://fosdem.org/2007/interview/ronald+g+minnich
Unlike Palladium, you can actually buy hardware with this stuff in (for example, Macs).
Cheers,
Alex.