Am Freitag, den 06.10.2006, 17:29 -0400 schrieb Thor Lancelot Simon: > On Thu, Oct 05, 2006 at 11:51:49PM +0200, Erik Tews wrote: > > Am Donnerstag, den 05.10.2006, 16:25 -0500 schrieb Travis H.: > > > On 10/2/06, Erik Tews <[EMAIL PROTECTED]> wrote: > > > > Am Sonntag, den 01.10.2006, 23:42 -0500 schrieb Travis H.: > > > > > Anyone have any information on how to develop TPM software? > > > > http://tpm4java.datenzone.de/ > > > > Using this lib, you need less than 10 lines of java-code for doing some > > > > simple tpm operations. > > > > > > Interesting, but not what I meant. I want to program the chip to verify > > > that the BIOS, boot sector, root partition conform to *my* specification. > > > > > You can do that (at least in theory). > > > > First, you need a system with tpm. I assume you are running linux. Then > > you boot your linux-kernel and an initrd using the trusted grub > > bootloader. Your bios will report the checksum of trusted grub to the > > tpm before giving control to your grub bootloader. > > And the TPM knows that your BIOS has not lied about the checksum of grub > how?
The TPM does not know that the BIOS did not lie about the checksum of grub or any other bios component. What you do is, you trust your TPM and your BIOS that they never lie to you, because they are certified by the manufature of the system and the tpm. (This is why it is called trusted computing) So if you don't trust your hardware and your manufactor, trusted computing is absolutely worthless for you. But if you trust a manufactor, the manufactor trusts the tpms he has build and embedded in some systems, and you don't trust a user that he did not boot a modified version of your operating system, you can use these components to find out if the user is lieing.
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
