[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TPM unusable for DRM
Re: TPM unusable for DRM
Wed, 15 Nov 2006 01:07:09 +0300
Thunderbird 188.8.131.52 (Windows/20061025)
Emmanuel> So my first question is : how does the local software has
Emmanuel> to proceed, in order to check that the endorsement key
Emmanuel> he got from the kernel was really provided by the TPM?
Emmanuel> My other question is : how does the software knows
Emmanuel> that this endorsement key is acceptable?
Anton> Do you think it could go like this:
Anton> Imagine company FCK sells DRM protected video.
Anton> To use their video you've got to pass though
Anton> 'attest your computer' online procedure.
Anton> During this procedure your give FCK the following
Anton>data provided by your TPM
Anton> * public part of your TPM's current AIK (attestation key)
Anton> * your TPM's PUBEK (public part of it's endorsement key)
Anton> * current collection of PCR registers
Anton> * signature signing the above with PRIVEK (private part of EK)
Emmanuel> And who is going to collect all these nice data on the local
Please note: the info is signed with PRIVEK.
Only TPM know PRIVEK.
Only TPM can provide the info+signature FCK shall like
(naturally it shall verify the signature with pubek, and if pubek has
been faked or not)
And TPM does not accept external AIK.
It generates AIK internally.
So only TPM knows private part of AIK.
Anton> FCK verifies that your PUBEK are PCR-s are valid and sends you
Anton> Golden Key To Decrypt Their Video = GK.
Anton> GK is bound to your PCR values and is encrypted with
Anton> public part of your TPM's current AIK.
Emmanuel> I suppose FCK is able to check the validity of PUBEK... But,
Emmanuel> scenario, one just needs to fake the AIK to defeat the security.
As I've said we can't faik AIK.
We need pubAIK signed by TPM by privek.
TPM shall only sign AIK generated by itself.
Emmanuel> Well, in this scenario, you could also simply write a software for
Emmanuel> SecureOS which makes exactly the same thing that the original one,
Emmanuel> except that, instead of using GK to simply read the video, he also
Emmanuel> it to a computer running UnSecureOS...
TPM shall not let software use GK unless PCR-s match.
If PCR-s match it's not your software, it's FCK's.
Maybe the scheme does not work exactly like this,
but there's no protection against PRIVEK locked inside TPM
+ external PUBEK records FCK shall verify you PUBEK against.
We need to protest against DRM.
We need to support free software.