Miguel Bazdresch miguel at
Wed Feb 26 05:23:31 PST 2003

* Rob Park <rbpark-NOSPAM at> [03-0226 13:04]:
> Alas! R. Bosch spake thus:
> > This would make LFS VERY secure since it was based on *YOUR* system,
> > and not someone elses...
> No, this would abolish LFS outright.
> The idea is that you can only run software that has been digitally
> signed by some certificate authority (almost certain to be MS
> themselves).

Just adding my thoughts to the discussion here...

I'm trying to follow the TCPA stuff very closely because I develop my
own software. For example, I need to run simulations for my PhD,
simulations I have to code myself. I have other software projects as
well, and I *need* to be able to change the code and recompile basically
a dozen times a day. I'll probably need to do this for the rest of my
professional life.

This goes beyond Linux and LFS for me: my need to have my own software
is the same no matter what OS I use.

I still don't understand the implications of TCPA for me, in this sense.
I believe there are two features that will be key:

- Can it be turned off? Something along the lines of a BIOS setting. For
  people who want to risk an unprotected machine (like us).

- If it can't be turned off, then who gets to sign software? Let's say I
  could ask my chipset manufacturer for a certificate, and it would be
free. Or the motherboard would come with a CD containing a certificate.
Annoying but no big deal, at least for software that I don't need to run
in multiple machines. Anything beyond that will probably force me to
change career plans.

My contingency plan is: at the first sign that the new hardware will be
overly restrictive, I plan to empty my savings account buying enough 
current hardware to last me at least ten years. After that, who knows. 
Or, switch to ARM or Apple (if they stay out of TCPA).
Miguel Bazdresch
Unsubscribe: send email to listar at
and put 'unsubscribe lfs-chat' in the subject header of the message

More information about the lfs-chat mailing list