[Arm-netbook] TPM backdoor

Derek dlahouss at mtu.edu
Tue Sep 3 00:14:50 BST 2013


<freebirds <at> fastmail.fm> writes:

> http://technoblimp.com/2013/08/22/why-does-windows-ship-with-a-backdoor-that-allows-microsoft-and-others-to-remotely-control-your-computer/

Freebirds, you have a fundamental misunderstanding of the technologies about
which you keep spreading Fear, Uncertainty, and Doubt.

The TPM chip is no more or less a smartcard that is soldered to the
motherboard of a computer.  The TPM 2.0 spec is open, and there is nothing
in it that would allow the computer to be taken over by a TPM chip.  It is a
crypto-coprocessor, and a slow one at that.

Your linked articles make TPM sound nefarious.  And indeed, it can be used
that way, much like an iPhone will run whatever Apple puts on it (even
without a TPM).  BUT, if you... if I own the keys to my TPM (which is to say
I generate them and never allow them to leak), then I control my computer. 
The TPM does not store information in a way that allows it to be a virus,
rootkit, etc.  It DOES allow the booting OS to claim that it runs code
directly from Microsoft, in which case the "backdoor" is due to Redmond
code, not TPM.

TrustZone, on ARM, is just another processor mode.  You may as well be
scare-mongering that your shell account on someone else's computer could be
compromised.  If you're running someone else's OS, they have a certain
amount of power over the system.  For a Windows RT device, you can't change
what goes into TrustZone.  For an FSF-Endorsable EOMA68 CPUCard, you damn
well can.  And at that point, even RMS shouldn't have a gripe with that
specific implementation (even if he continues to oppose the concept).

I use and endorse the use of TPM on my Linux system because of the
capability it gives me to control MY system.
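The measured-boot mechanism Derek is describing (the TPM lets the booting OS prove what code ran, and the owner decides which measurements to trust) comes down to one primitive: a PCR can only be extended, never set. The following is an added example, not code from this message or from any TPM project: it simulates the TPM 2.0 SHA-256 PCR extend operation in Python, replays a constructed boot sequence into a PCR, and shows how an owner-held policy of expected values detects a modified boot component. The component names and byte strings are constructed placeholders, not real firmware images.

```python
import hashlib

# TPM 2.0 PCR extend semantics for the SHA-256 bank:
#   PCR_new = SHA256(PCR_old || digest)
# where digest is the hash of the object being measured.
# PCRs 0-16 are reset to all zeros at power-on; there is no "set" operation,
# which is what makes the final value a commitment to the whole sequence.
PCR_INIT = bytes(32)


def extend(pcr: bytes, digest: bytes) -> bytes:
    """One TPM2_PCR_Extend step on a 32-byte PCR with a 32-byte digest."""
    if len(pcr) != 32 or len(digest) != 32:
        raise ValueError("SHA-256 bank expects 32-byte PCR and digest")
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components):
    """Replay a boot sequence of (name, blob) pairs into a fresh PCR.

    Returns (final_pcr, event_log); the event log records the digest of each
    measured object, which is what the verifier later uses to recompute the PCR.
    """
    pcr = PCR_INIT
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log):
    """Recompute the PCR from an event log, as a remote or local verifier does
    before comparing it with the PCR value reported in a signed TPM quote."""
    pcr = PCR_INIT
    for _, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify_against_policy(pcr: bytes, expected: bytes) -> bool:
    """Owner-held policy check: only the expected measurement chain is trusted."""
    return pcr == expected


# Constructed sample boot sequences (placeholders, not real firmware images).
GOOD_BOOT = [
    ("firmware", b"vendor-firmware-v1"),
    ("bootloader", b"bootloader-v2"),
    ("kernel", b"vmlinuz-owner-signed"),
]
# Same chain, except the bootloader blob has been altered.
TAMPERED_BOOT = [
    ("firmware", b"vendor-firmware-v1"),
    ("bootloader", b"bootloader-v2-modified"),
    ("kernel", b"vmlinuz-owner-signed"),
]


def run_demo():
    """Return the pieces a verifier would look at for the good and tampered boots."""
    good_pcr, good_log = measure_chain(GOOD_BOOT)
    bad_pcr, bad_log = measure_chain(TAMPERED_BOOT)
    return {
        "good_pcr": good_pcr,
        "good_log": good_log,
        "bad_pcr": bad_pcr,
        "bad_log": bad_log,
        "good_matches_policy": verify_against_policy(good_pcr, good_pcr),
        "tampered_matches_policy": verify_against_policy(bad_pcr, good_pcr),
    }


if __name__ == "__main__":
    result = run_demo()
    print("expected PCR:", result["good_pcr"].hex())
    print("tampered PCR:", result["bad_pcr"].hex())
    print("tampered boot passes policy:", result["tampered_matches_policy"])
```

Two properties carry the security argument: the same log always replays to the same PCR, and changing any single component (or the order of components) changes the final value, so a policy that pins the expected PCR cannot be satisfied by a modified chain. The part the simulation leaves out is the signature: a real TPM signs the PCR values with an attestation key, and whoever holds the keys used to establish trust in that signature, the owner in Derek's setup, is the one deciding what the measurement means.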