Autor: T.J. Duchene Fecha: A: dng Asunto: Re: [Dng] Packaging system / TPM
On 12/22/2014 12:05 PM, Joe Awni wrote: > >Yep, also Poettering is a big fan and supporter of TPM, and stated on a
> >recent podcast (that was linked in this list I think) something along the
> >lines of "Once we all run systemd, TPM will finally work properly."
> TPM of
> >course is the continuation of the Clipper Chip, but dolled up to get the
> >hard and software vendors behind it. terrible stuff.
>
> Seems off-topic, but i wanted to ask about TPM.
>
> First IMO, A chip TPM is a great security feature for your computer.
> However, If you are clueless about its operation, you can safely
> ignore it.
>
> Will Devuan support any of the advanced crypto security features of
> the TPM?
> (BTW, i have some experiences to set it up if this is desirable [but
> not already planned/in-progress].)
>
> Quite frankly, I hope TPM will largely be ignored.
My primary concern with TPM is not that it is bad (or "evil" as some
would say) is that it is largely the same philosophy as things like
HDMI, AACS, and Protected Media Path. It is not a bad thing when it is
used reasonably, but a terrible mess when taken to extremes or abused
for profit.
An example of a mess would be upgrading your video card, only to
discover that your Blu-Ray software no longer recognizes the card as
being PCP, because the card is newer than the software, thus forcing you
to purchase a whole new setup. Or the AACS system bricking your drive's
ability to playback certain discs, because its decryption key has been
revoked.
An example of TPM gone bad would be the fact that you can structure a
computer system around TPM so that only the manufacturer, rather than
the actual owner of the device decides what software you can use and how.
While in these two cases, it isn't necessarily TPM, people using devices
accept this control ideology blithely today with Apple iOS and Windows
RT. Frankly, it turns my stomach.