Talk:Trusted Computing Group/Archives/2015

A problem with "vendor of a TPM-enabled system has complete control"
This is a controversial topic and needs to be treated with accuracy. The statement that "The vendor of a TPM-enabled system has complete control over what software does and does not run on the owner's system" is factually wrong and misleading. I don't feel expert enough to do the edits but an expert should look at these pages. In particular, I am currently running linux on a TPM enabled system (TPM is turned on in the BIOS), have made modifications to the kernel and the like with no problems. The TPM measures some or all of the boot but does not stop anything from running. I have run Linux kernels that use the TPM to measure the boot and ones that do not - they both work. (I have yet to run a kernel with an unbroken chain of trust to the root.)

However, the problem described above with BitLocker does make sense and is what I would expect. What has happened is that BitLocker is designed to use keys stored in a TPM that are only released on a trusted platform. When the boot loader is altered, the TPM no longer knows that it can trust the boot loader and the it does not release the keys. This mechanism may prevent malware from being installed in the boot loader. Unfortunately I can see that it would also make problems for a legitimate user operating a dual boot. — Preceding unsigned comment added by Turtle59 (talk • contribs) 18:57, 16 January 2015 (UTC)