Mailing List Archive

Why we need TPM in Linux kernel?
Hi,

I'm worried with the so-called "Treacherous Computing" appearance in
recent Linux kernels. I have read about it on EFF & GNU portals and
can't see any benefits for Free Society by supporting this technology.
Also it looks like this TPM drivers were written by IBM employees. I
suspect IBM pushed this into kernel. I understand what this drivers come
in source form under GPL, anybody can just don't compile them in, but
again what benefits this drivers can bring for casual Linux user?

Regards.

Serge

--
gentoo-security@gentoo.org mailing list
Re: Why we need TPM in Linux kernel? [ In reply to ]
On Wed, Nov 23, 2005 at 02:04:58AM +0300, Serge Koksharov wrote:
> I'm worried with the so-called "Treacherous Computing" appearance in
> recent Linux kernels. I have read about it on EFF & GNU portals and
> can't see any benefits for Free Society by supporting this technology.
> Also it looks like this TPM drivers were written by IBM employees. I
> suspect IBM pushed this into kernel. I understand what this drivers come
> in source form under GPL, anybody can just don't compile them in, but
> again what benefits this drivers can bring for casual Linux user?

This feature can be used to ensure only code signed by the user or
developer can run on a specific system. This would enable enhanced
virus/malware protection, because the evil code wouldn't be signed by a
trusted party.

I don't know much about the technology at this point, but like many
things just because it /can/ be abused doesn't mean it is per se a bad
idea. It can be used to make computing safer, especially in an open
source environment where the uses are freely criticized (IE, nobody is
going to put DRM that you can't disable in the kernel).

-D

--
/--------------- - - - - - -
| Dan Noe, freelance hacker
| http://isomerica.net/
Re: Why we need TPM in Linux kernel? [ In reply to ]
I am worried about binary linux kernel layers more.



--
Int'l Anti-Microsoft Assn. Japan/S'pore Dept.
fsck /dev/urandom;
Taka John Brunkhorst
antiwmac@gmail.com

--
gentoo-security@gentoo.org mailing list
Re: Why we need TPM in Linux kernel? [ In reply to ]
On Tuesday, November 22, 2005 15:15, Dan Noe wrote:
> This would enable enhanced
> virus/malware protection, because the evil code wouldn't be signed by a
> trusted party.
>
> I don't know much about the technology at this point, but like many
> things just because it /can/ be abused doesn't mean it is per se a bad
> idea. It can be used to make computing safer, especially in an open
> source environment where the uses are freely criticized

I agree with the above.

I will never tolerate the use of digital restrictions management technology if
it is required by a third party, however if I wish to use certain aspects of
trusted computing for my own purposes, I welcome the kernel's support of that
technology. Dubious uses of the technology are to be expected by corporations
such as Microsoft, but I believe that it can also be very valuable for
legitimate implementations.


--
Anthony Gorecki
Ectro-Linux Foundation
Re: Re: Why we need TPM in Linux kernel? [ In reply to ]
But who decides what is fair and what is not? It only works if you
retain control... which supposedly you do with linux, but not if there
are binary drivers that you can't examine the source code, or are
incapable of examining the source code because it is too large.


On Tue, 2005-11-22 at 20:52 -0800, Anthony Gorecki wrote:
> On Tuesday, November 22, 2005 15:15, Dan Noe wrote:
> > This would enable enhanced
> > virus/malware protection, because the evil code wouldn't be signed by a
> > trusted party.
> >
> > I don't know much about the technology at this point, but like many
> > things just because it /can/ be abused doesn't mean it is per se a bad
> > idea. It can be used to make computing safer, especially in an open
> > source environment where the uses are freely criticized
>
> I agree with the above.
>
> I will never tolerate the use of digital restrictions management technology if
> it is required by a third party, however if I wish to use certain aspects of
> trusted computing for my own purposes, I welcome the kernel's support of that
> technology. Dubious uses of the technology are to be expected by corporations
> such as Microsoft, but I believe that it can also be very valuable for
> legitimate implementations.
>
>

--
gentoo-security@gentoo.org mailing list