I'm wondering how Mint integrates with TPM (Trusted Platform Module), whether this is secure, and whether there are open source alternatives for trusted computing that can be used.
Any good references/links on this?
Eric
Mint and TPM security
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: Mint and TPM security
It has very little to do with securing my computer, more to do with helping a manufacturer control my computer.
--so from a user point of view: I bought the hardware and software, I should have control of it
- Because I paid for it..
http://www.zdnet.com/article/microsoft- ... ows-8-pcs/#!
- Indeed Microsoft still owns the desktop market. Macs still have less than 5% of the world desktop market according to Gartner and the Linux desktop has proven to be a non-starter, PC vendors will have little choice but to kowtow to Microsoft's Windows 8 demands.
"What does this mean for the end user?" continued Garrett. "Microsoft claims that the customer is in control of their PC. That's true, if by 'customer' they mean 'hardware manufacturer.' The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognize their hard drive in the firmware. The end user is no longer in control of their PC."
It is one of those commercial ideas that are not directed to aid the user in any particular way, but rather to immerse the user into a particular vendor's "ecosystem"
Re: Mint and TPM security
Text below is copied and pasted from this link: http://www.linux-magazine.com/Online/Fe ... ecure-Boot
"What is the problem is Microsoft’s other requirement for any Windows 8-certified client: The system must support Secure Boot. This hardened boot means that “all firmware and software in the boot process must be signed by a trusted Certificate Authority (CA),” according to Arie van der Hoeven, Microsoft Principal Lead Program Manager."
In my opinion, this whole TPM concept is laughable. Why? I can download just about any Linux .iso file, burn it to a DVD or install it to a USB flash drive, and use it to boot my HP Envy DV7 with Secure Boot enabled in my BIOS settings. And it boots with no warning messages or complaints. And if I was inclined to do something malevolent, I could mount my Windows C:\ system partition and delete my choice of any vital Windows operating system files. Or install viruses/malware/spyware. Or do just about anything I wanted.
This tells me one of two things: either Linux Mint and a whole lot of other Linux distros have a digitally signed certificate located somewhere within the .iso file, or my machine's BIOS only searches for the security certificate when booting from the internal hard drive and does nothing at all when booting from the optical drive or any USB connected device. How's that for secure?
"When you rise in the morning, give thanks for the light, for your life, for your strength. Give thanks for your food and for the joy of living. If you see no reason to give thanks, the fault lies in yourself." - Tecumseh