[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some thoughts

From: Jonathan S. Shapiro
Subject: Re: Some thoughts
Date: Wed, 07 Jun 2006 01:20:07 -0400

On Tue, 2006-06-06 at 22:09 +0200, Bas Wijnen wrote:
> On Tue, Jun 06, 2006 at 03:40:07PM +0200, Ludovic Court?s wrote:
> > > Not that I disprove or dismiss the use of TC for OS verification,
> > 
> > Just a bit of nitpicking: TC is not about software verification, but
> > about software *certification*, i.e., certification by a "certification
> > authority".  This is very different.
> That may be what it's meant for, but it's not what it does.  What it does is
> verification (by means of a signature of a trusted (secret) key on the code).
> This verification can (and will) be used for certification, indeed, but the
> hardware doesn't actually do that, and could be used for other things if
> desired (although I don't see any other use for OS verification).

Technically, no. What it does is attestation, not verification. The TPM
does not prohibit any kernel from running. What it does is provide a
strongly credible attestation about what kernel it is.

There *is* a small verification step associated with secure storage, but
I don't think that is what you were referring to above.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]