Talk:Trusted Computing Group
|This article is of interest to the following WikiProjects:|
There are some questions I don't think this article addresses. Like do TPM machines actually exist, or is this vaporware? How do I know if I'm buying one? Even if the full TPM doesn't exist, do current PCs contains components with TPM support and so on. As an outsider it's hard to tell from this article whether it's discussing something real or not.
- in the trusted computing article you will find the naswer to all your questions .Dbiagioli 18:32, 20 July 2007 (UTC)
- Add *Support or *Oppose followed by an optional one sentence explanation, then sign your vote with ~~~~
- Merge with Trusted Computing Group, thus making this a non-problem. Septentrionalis 00:38, 13 October 2005 (UTC)
Isn't AMD's related project called Presidio, to be released in 2006?
A problem with TPM and the "user has control over the system"
The article claims this:
- The owner of a TPM-enabled system has complete control over what software does and doesn't run on their system. This does include the possibility that a system owner would choose to run a version of an operating system that refuses to load unsigned or unlicensed software ... . While there is legitimate concern that OS vendors could use these capabilities to restrict what software would load under their OS (hurting small software companies or open source/shareware/freeware providers, and causing vendor lock-in for some data formats), no OS vendor has yet suggested that this is planned.
The problem? We've seen that in some cases, Windows Vista when configured to be dual boot, with BitLocker, will decide that the environment is no longer trusted, and refuse to boot or unlock the drive.
Does the owner have control over what software runs? Do they have the choice of not running software that locks up if the trust is violated? Is it the case that no OS vender is doing this <bleep>?
Here's the problem: The presence of the TPM facility means that software that you use and trust can decide to use the TPM without telling you, and giving you no ability to recover if you change the environment.
Reading that paragraph in the article, it seems to me to be a "propaganda" paragraph -- it sounds/feels like it was added in by someone trying to present the "pro-company" line in favor of the TPM, and give the implication that the owner still controls the computer, and that TPM does not take anything away from the users. But that claim lacks any justification, and in facts looks to fail in the presence of real world experiences. Keybounce (talk) 01:14, 16 February 2009 (UTC)
- It sounds markety to you because you don't seem to understand the technology. First of all, you have to explicitly enable the use of a TPM chip on a system (i.e. practically nobody ships computers with the TPM enabled). Second, even when it is enabled, the TPM itself has absolutely no inbuilt capability to prevent you from using software. That's not part of the design. All a TPM does is store keys in a secure way.
- When BitLocker is enabled, Vista's startup sequence considers the use of a boot loader that doesn't work with the TPM to be untrusted, and will refuse to boot. In the case of GRUB, you need to use a TPM-enabled version of it; alternatively you can use the Windows Boot Loader and put your third-party system in its list.
- None of these things contradict in any way the paragraph as written in the encyclopedia. Warren -talk- 02:07, 16 February 2009 (UTC)
- The fact is that the only reason TPM can/doesn't limit the target OS is because there is not currently a standard or requirement for such a limitation. In fact the boot process could be IP protected using TPM. Thus, it is incorrect to say that it can't be done.--Riluve (talk) 02:39, 1 February 2010 (UTC)
A problem with "vendor of a TPM-enabled system has complete control"
This is a controversial topic and needs to be treated with accuracy. The statement that "The vendor of a TPM-enabled system has complete control over what software does and does not run on the owner's system" is factually wrong and misleading. I don't feel expert enough to do the edits but an expert should look at these pages.
In particular, I am currently running linux on a TPM enabled system (TPM is turned on in the BIOS), have made modifications to the kernel and the like with no problems. The TPM measures some or all of the boot but does not stop anything from running. I have run Linux kernels that use the TPM to measure the boot and ones that do not - they both work. (I have yet to run a kernel with an unbroken chain of trust to the root.)
However, the problem described above with BitLocker does make sense and is what I would expect. What has happened is that BitLocker is designed to use keys stored in a TPM that are only released on a trusted platform. When the boot loader is altered, the TPM no longer knows that it can trust the boot loader and the it does not release the keys. This mechanism may prevent malware from being installed in the boot loader. Unfortunately I can see that it would also make problems for a legitimate user operating a dual boot. — Preceding unsigned comment added by Turtle59 (talk • contribs) 18:57, 16 January 2015 (UTC)
- This is a poor article if someone just wants to find out quickly what the TCM chip actually is. Basically it is chip integrated onto the motherboard. The chip itself is an embedded computer (with CPU, RAM, Firmware, encryption keys). As it is self-contained in one chip, it is considered a 'secure environment' from where encryption/authentication can take place (e.g. protected any malware that may be present on the computer's OS). The chip can only be communicated with using it's API; crucially, the build-in encryption keys cannot be read or modified in any way by the OS (or by using any physical method).