Alexander Klimov wrote:
> Since a regular installation
> should not change the ``reported OS hash,'' the TPM will not be able to
> detect the difference. Am I missing something?

You're missing the marketing value of saying "this piece of hardware,
that you probably wouldn't otherwise want in your machine since it makes
sure that the machine can be trusted /against/ you, is great! Because it
protects you against trojans! And everyone wants to be safe from
trojans, right?".

> Btw, how does the TCG allow the kernel to be changed regularly for
> security patches while still keeping the same ``reported hash''?

The Microsoft guy presenting BitLocker at HITB last month mentioned
this, but glossed over it without explaining. He did seem to indicate
that they had some solution, but didn't provide details, IIRC.

Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

