Re: A _good_ and valid use for TPM
From: Jan Alsenz
Subject: Re: A _good_ and valid use for TPM
Date: Sat, 21 Feb 2009 15:20:39 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090104)
Robert Millan wrote:
> On Fri, Feb 20, 2009 at 03:03:04AM +0200, Alex Besogonov wrote:
>> On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz <address@hidden> wrote:
>> [skip]
>>> The TPM can prove to another party that the PCRs have certain values (of
>>> course the communication needs to be established by normal software running
>>> on the machine)
>> Yes, I'm trying to do remote attestation.
>
> You're confusing things. I think you simply want to ensure data integrity,
> and the TPM doesn't even do that: it simply puts the problem in the hands of
> a third party.
>
> "remote attestation" is only useful when you want to coerce others into
> running your (generally proprietary) software. I hope this is not what you
> want to do.
Yes, this is exactly what he tries to do: convince his keyserver that the
requesting server runs what it's supposed to.
Which is exactly remote attestation, just in this case he controls both sides,
which I think makes it an interesting use of the technology.
>>>> First, I don't think it's possible to implement SHA-1 hashing in MBR -
>>>> there's probably just not enough space left in 512-byte code segment
>>>> for that.
>>> I am very sure of that.
>> Well, I spoke to phcoder on Jabber - there might be a way to do this.
>> He's going to investigate it.
>
> This is unnecessary. Once GRUB supports crypto, it can simply load
> itself from an encrypted filesystem on disk. An image can be of
> arbitrary size.
Ok, but where does it get the key from?
And how can wherever the key comes from be sure that it's talking to GRUB?
Greets,
Jan
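
The keyserver check discussed in this message, as an added example that is not part of the original post and not GRUB or TPM vendor code: a boot chain is folded into a PCR with the TPM 1.2 extend rule, and the keyserver releases the key only for a fresh quote over the expected value. The HMAC is a stand-in for the TPM's AIK signature, and every name and sample value here is an assumption constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr, component):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components):
    """Fold a boot chain into one PCR, starting from the all-zero reset value."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

def quote(aik_key, pcr, nonce):
    """Stand-in for a TPM quote: HMAC replaces the real AIK signature."""
    return hmac.new(aik_key, pcr + nonce, hashlib.sha1).digest()

def attest(chain, nonce):
    """Requesting server: measure what actually booted, quote it with the nonce."""
    pcr = measure_boot(chain)
    return pcr, quote(AIK, pcr, nonce)

def keyserver_release(expected_pcr, nonce, reported_pcr, sig):
    """Keyserver: release the key only for a fresh quote over the expected PCR."""
    sig_ok = hmac.compare_digest(sig, quote(AIK, reported_pcr, nonce))
    pcr_ok = hmac.compare_digest(reported_pcr, expected_pcr)
    return DISK_KEY if (sig_ok and pcr_ok) else None

# Constructed sample values, not taken from the thread.
AIK = b"constructed-aik-secret"
DISK_KEY = b"constructed-disk-key"
GOOD_CHAIN = [b"mbr-stage1", b"grub-core", b"kernel"]
EXPECTED = measure_boot(GOOD_CHAIN)

if __name__ == "__main__":
    nonce = b"constructed-nonce-1"  # the keyserver would pick this at random
    pcr, sig = attest(GOOD_CHAIN, nonce)
    print("untampered boot:", keyserver_release(EXPECTED, nonce, pcr, sig))
    pcr, sig = attest([b"mbr-stage1", b"grub-patched", b"kernel"], nonce)
    print("modified GRUB:  ", keyserver_release(EXPECTED, nonce, pcr, sig))
```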