Re: A _good_ and valid use for TPM

From: Robert Millan
Subject: Re: A _good_ and valid use for TPM
Date: Sat, 21 Feb 2009 14:46:07 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Feb 20, 2009 at 03:03:04AM +0200, Alex Besogonov wrote:
> On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz <address@hidden> wrote:
> [skip]
> > The TPM can prove to another party that the PCRs have certain values (of
> > course the communication needs to be established by normal software running
> > on the machine)
> Yes, I'm trying to do remote attestation.

You're confusing things.  I think you simply want to ensure data integrity, and
the TPM doesn't even do that: it simply puts the problem in the hands of a third

"remote attestation" is only useful when you want to coerce others into
running your (generally proprietary) software.  I hope this is not what you
want to do.

> >> First, I don't think it's possible to implement SHA-1 hashing in MBR -
> >> there's probably just not enough space left in 512-byte code segment
> >> for that.
> > I am very sure of that.
> Well, I spoke to phcoder on Jabber - there might be a way to do this.
> He's going to investigate it.

This is unnecessary.  Once GRUB supports crypto, it can simply load
itself from an encrypted filesystem on disk.  An image can be of
arbitrary size.

Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."
