> -----Original Message-----
> From: John R Pierce [mailto:pierce at hogranch.com]
> Sent: Sunday, May 19, 2013 17:57
> To: CentOS mailing list
> Subject: Re: [CentOS] TPM and secure boot
>
> On 5/19/2013 2:41 PM, Reindl Harald wrote:
> > your question was *clearly* secure boot
> > and before UEFI secure boot *nobody* cared about TPM on OS systems
>
> so basically, you're saying you can't use a TPM to secure a linux
> system? hey, saves me a lot of work. I'll tell my boss it can't be
> done.
>

As seen on LWN http://lwn.net/Articles/549597/
Matthew Garrett has been messing with TPM again
http://mjg59.dreamwidth.org/24818.html

You can secure a Linux system quite well using TPM, but it takes work and you need to know the capabilities of your TPM chip... Matthew Garrett indicated that they are not all loaded the same.

For the purposes of doing ssl, I am wondering if you need the Endorsement Key (EK), which Matt indicated some chips don't have.

I know you *can* get a system all the way through booting from tpm using trusted grub and tpm-luks. Matt indicated that "The Linux kernel has support for measuring each binary run or each module loaded and extending PCRs accordingly", so you can go deeper.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the terms of any contract.
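The "extending PCRs accordingly" step quoted above can be checked from the verifier's side by replaying the measurement list and comparing the result with the PCR the TPM reports. This is an added example, not part of the original message or of any project it mentions. It assumes a SHA-1 PCR bank, PCR index 10, and a five-field IMA-style ASCII log line; all function names and the sample entries are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length (assumed TPM 1.2 style PCR bank)

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

def replay_log(lines, pcr_index=10):
    """Replay a measurement list and return the PCR value it should produce."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros after reset
    for n, line in enumerate(lines, 1):
        fields = line.split(None, 4)  # pcr, template hash, template, file hash, path
        if len(fields) != 5:
            raise ValueError(f"entry {n}: expected 5 fields")
        if int(fields[0]) != pcr_index:
            continue
        digest = bytes.fromhex(fields[1])
        if len(digest) != PCR_SIZE:
            raise ValueError(f"entry {n}: bad digest length")
        if digest == bytes(PCR_SIZE):
            # IMA logs a violation as all zeros but extends the PCR with all 0xFF
            digest = b"\xff" * PCR_SIZE
        pcr = pcr_extend(pcr, digest)
    return pcr

def verify(lines, reported_pcr_hex, pcr_index=10):
    """True only if the log, replayed in order, reproduces the reported PCR."""
    return hmac.compare_digest(replay_log(lines, pcr_index), bytes.fromhex(reported_pcr_hex))

def sample_line(path, content):
    """Constructed entry; the template hash here is a stand-in, not the kernel's formula."""
    file_hash = hashlib.sha1(content).hexdigest()
    template_hash = hashlib.sha1((file_hash + path).encode()).hexdigest()
    return f"10 {template_hash} ima {file_hash} {path}"

SAMPLE_LOG = [  # constructed sample data, not real measurements
    sample_line("boot_aggregate", b"constructed-boot-state"),
    sample_line("/sbin/init", b"constructed-init-binary"),
    sample_line("/lib/modules/example.ko", b"constructed-module"),
]

if __name__ == "__main__":
    good = replay_log(SAMPLE_LOG).hex()
    tampered = SAMPLE_LOG[:1] + [sample_line("/sbin/init", b"modified")] + SAMPLE_LOG[2:]
    print("expected PCR 10:", good)
    print("intact log verifies:", verify(SAMPLE_LOG, good))
    print("tampered log verifies:", verify(tampered, good))
```

Because each extend hashes the previous PCR value, a changed, dropped or reordered entry yields a different final value, which is why the log is only trustworthy when checked against a PCR value obtained from the TPM itself.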