Re: Part 2: System Structure

[Jonathan S. Shapiro]

On Fri, 2006-05-19 at 14:21 +0200, Pierre THIERRY wrote:
> Scribit Bas Wijnen dies 19/05/2006 hora 11:34:
> > Currently, I am root on my computer.  There is no way you can let me
> > run a program on a GNU/Linux machine where I am root without allowing
> > me to see the binary.
> 
> Would that be different when you are the owner on the constuctor-based
> system? I don't think so.

Yes. It would be different. In the absence of a TPM chip, the system can
be constructed in such a way that disk forensics (or more simply:
examination of the installation CD) is required. In the *presence* of a
TPM chip, inspection can be prohibited.

In practice, inspection of the code and initial data probably isn't a
critical issue, and I think that allowing it in general poses no great
difficulties.

The complicated issue is inspection of runtime state, which definitely
*can* be prevented in a constructor system, with or without the TPM
chip.

All of this assumes no bus probes.

shap