The Future of Trusted Linux Computing

ttttt writes "MadPenguin.org tackles the idea of Trusted Computing in its latest column. According to author Matt Hartley, the idea of TC is quite reasonable; offering a locked-down environment offers several advantages to system administrators with possibly troublesome users. 'With the absence of proprietary code in the mix users will find themselves more inclined to trust their own administrators to make the best choices ... And so long as any controlled environment is left with checks and balances [like] the option for withdrawal should a school or business wish to opt out, then more power to those who want a closed off TC in an open source world." LWN.net has an older but slightly more balanced look at the TC approach.

If the owner controlls all the keys, its fine

[jonwil]

There is nothing wrong with hardware assisted security if the owner controls all the keys and nothing can touch the trusted hardware without the owner specifically installing it (i.e. logging in as root/administrator and changing things).

Trusted Computing is only bad if the owner of the hardware does not have control over the software on the machine, the hardware keys etc.

Re:What does Trusted Computing mean?

[cpuh0g]

You do not understand trusted computing. It is not about locking down your system.

It is a common fallacy that the primary goal of trusted computing is to enable DRM so the movie studios/RIAA controls your computer. This is simply not true. Trusted computing provides methods by which you, the owner and administrator of your computer, can KNOW, by having a chain of trust that is anchored by keys securely stored on a TPM chip soldered to the motherboard, that the software and hardware in your system has not been tampered with. One *could* use this to enable DRM or other user-unfriendly schemes, but there are many other use cases for trusted computing. Think e-commerce where you can verify the other system and it can verify yours to make sure neither end has been compromised prior to making a transaction.

Policy decisions are made based on the measurements that are returned by the verification process. Trusted Computing does not dictate the policies. If someone (or some company) wants to abuse the system and lock people out of their systems, then that would be bad policy and a bad implementation of TC concepts, but it doesn't mean that all TC applications are bad or are designed to restrict the user's ability to manage their systems as they see fit.

Re:What does Trusted Computing mean?

[Cyberax]

No, "trusted computing" means that hardware can guarantee the integrity of the environment. For example, I'd like to use TPM chip in my Thinkpad to guarantee that my machine will boot only kernels signed with MY key. Also, I very much like the hardware keyring.

Trusted computing is only a problem when YOU are not the owner of the machine and don't have the full control over the TPM module on a new computer (of course, once TPM is set up - it shouldn't be possible to change it without owner's keys).

Re:If the owner controlls all the keys, its fine

[Anonymous Coward]

Trusted Computing is only bad if the owner of the hardware does not have control over the software on the machine, the hardware keys etc.

The only problem is that the whole point of Trusted Computing is to keep the keys used to attest to the state of the PCR completely unavailable to the user. Read the spec: https://www.trustedcomputinggroup.org/specs/TPM/ [trustedcom...ggroup.org]