Linux and the Trusted Platform Module
Posted by Ken Y-N on September 28th, 2009 at 02:40pm
There was a very interesting article on The H about the Trusted Platform Module (TPM) under Linux, written by Terry Relph-Knight. It’s a look first at the history of the TPM (I’m pretty sure they are incorrect in saying that all Intel-based Macs come with TPM chips, however), then how the TPM and Linux and Open Source fit together. The article notes this about the GNU General Public License:
The most recent GNU General Public License (GPLv3) specifically states that GPLv3 licensed software is forbidden from running on platforms which require a private signing key, unless the key is freely available to the computer owner; this specifically excludes hardware that uses a TPM. This has been suggested as one of the reasons why, at present, the Linux kernel is sticking with GPLv2.
I think it is only a private code-signing key that is restricted by the GPLv3. Other uses for private keys are OK, otherwise SSL, for instance, would be forbidden.
The conclusion in the article is also worth looking at:
TPM represents a bit of a conundrum; both security and open source are desirable requirements and while TPM provides a high level of security by generating private keys, those keys are known to no-one, including the owner of the PC that is fitted with the TPM. Given that unknown keys provide the highest level of security, this is actually desirable even though it seems to break the rules of strict open source.
The funny thing is that there are probably more TPM-based applications out there that run under Linux rather than Windows!