[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Broken dream of mine :(

From: Jonathan S. Shapiro
Subject: Re: Broken dream of mine :(
Date: Wed, 23 Sep 2009 00:58:50 -0700

On Mon, Sep 21, 2009 at 3:38 AM, Sam Mason <address@hidden> wrote:
I thought the point of TPM was that the kernel can't lie, or rather if
it does then you can trivially find out that it has.  You end up getting
a signature of the programs in the TCB and hence you can allow your
code to run only if you know that this set of processes are known to be
Not quite. Here is what TPM gives you:
  * The TPM computes a cryptographic hash of your BIOS, your
    bootloader, and your kernel [in sequence] as the system boots up.
    (an HMAC).
  * The kernel can later ask the TPM to produce a signed packet
    containing that HMAC using public key signature methods.
So if an application wants to know, it must ask the kernel, which asks the TPM. The kernel can refuse to answer, but an incorrect answer is detectable.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]