German Government on “Trusted Computing”

“3. Complete control by device owners
Device owners must be in complete control of (able to manage and monitor) all the trusted computing security systems of their devices. As part of exercising control over their devices, device owners must be able to decide how much of this control to delegate to their users or administrators. Delegating this control to third parties (to the device manufacturer or to hard- or software components of the device) requires conscious and informed consent by the device owner (i.e., also with full awareness of possible limits on availability due to measures taken by the third party to whom control options were delegated).
4. Freedom to decide
When devices are delivered, trusted computing security systems must be deactivated (opt-in principle). Based on the necessary transparency with regard to technical features and content of trusted computing solutions, device owners must be able to make responsible decisions when it comes to product selection, start-up, configuration, operation and shut-down. Deactivation must also be possible later (optout function) and must not have any negative impact on the functioning of hard- and software that does not use trusted computing functions.
5. Public administration, national and public security interests
Because trusted computing security systems are widely used in the private-law mass market, public administration can and should be able to benefit from the availability of cost-effective solutions as well. However, the operation and availability of devices in public administration and in the field of national and public security require the owner’s sole control over the trusted computing security systems on the devices used by the owner. Due to public and national security interests, under no circumstances may the owner be forced to give up control, even partial control, over a trusted computing security system to other third parties outside the public administration’s sphere of influence.”

Federal Government White Paper on Trusted Computing and Secure Boot .

As M$ insists OEMs ship UEFI “Secure Boot” enabled, the German government seemingly intends to ban M$’s OS from now on. That’s great. Trusting M$ with any IT is insane.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , , , . Bookmark the permalink.

3 Responses to German Government on “Trusted Computing”

  1. ram says:

    Now if the motherboard manufacturers made a version of UEFI that allowed the ‘owner’ to load their own keys that may actually be useful. I think many organisations would like to lock down their computers with only software that they trust, i.e. signing with their own key – not somebody elses. Would have interesting effects in the rental market as well I think. Actually any form of UEFI in the rental market is probably fatal.

  2. kozmcrae says:

    Robert Pogson wrote:

    “That’s great. Trusting M$ with any IT is insane.”

    It seems the World is getting its sanity back, waking up from its Microsoft induced stupor.

Leave a Reply