Building hardware-based security with a Trusted Platform Module (TPM)

The Discussion

• 

  Let me translate from Microsoftese to English:
  
  "Secure Boot prevents running an unknown OS loader" translates to "Muahahahaha!!! Take that, you Linux lusers! No more freedom for you lot!"
  

• 

  Is (E)LILO or GRUB considered to be a "verified OS loader" ?
  How do I boot Linux with secure booting?

• 

  So if I have ripping software, debuggers, decompilers or reverse engineering software installed on my system, then the "attestation service" will deem my system to not be "secure" ?

• 

  I want to have ownership of the TPM.
  I do NOT want Microsoft or any OEM to have ownership of the TPM.

• 

  NOTE TO HARDWARE VENDORS:
  
  I am in charge of buying hardware at my (small) company. We buy several tens of thousands of dollars of PC hardware per year... not a lot in the big scheme of things, but a lot for a small company.
  
  We will UNDER NO CIRCUMSTANCES purchase any hardware that does not allow us to install Linux. So those hardware vendors who want to be Windows 8 compliant, think very carefully. If you don't provide a way to disable bootloader verification or allow end-users to insert their own verification keys, you will not get our business.
  
  I encourage anyone else in this position to post here.
  

• 

  Hands of my hardware.

• 

  If there is an option to install keys of the owner's choice, and remove default keys (Microsoft's key will become a prime target for mafias and rogue states), this is a minor but welcome security improvement. If not, it's a reason to spend your money somewhere else.

• 

  Seriously, y'all. YOU own your own TPM. Not MSFT, not OEM. YOU set it up and provision it the way you want. You decide what sw is acceptable to you. This is a terrific step forward for PC security.