From: "Simon J. Gerraty" (envelope-from sjg@juniper.net)
To: Rozhuk Ivan
CC: Eric McCorkle, "freebsd-hackers@freebsd.org"
Subject: Re: Trust system write-up
In-Reply-To: <20171024040925.1918f3cb@rimwks>
Date: Mon, 23 Oct 2017 22:36:12 -0700
Message-ID: <78908.1508823372@kaos.jnpr.net>

Rozhuk Ivan wrote:
> On Mon, 23 Oct 2017 09:44:34 -0700
> "Simon J. Gerraty" wrote:
>
> > With the advent of secure boot and TPM's, there is potentially scope
> > to allow for mixed control.
>
> TPM is closed hardware and software: you don't know what is inside and how it works.

I'm talking about the TPMs we put on our boards - we know what is in them.