On Tue, Sep 22, 2009 at 05:19:36PM +0200, Michal Suchanek wrote:
> 2009/9/22 Sam Mason <[email protected]>:
> > If somebody breaks in and installs some malicious code then I want it to
> > break in the most obvious way possible. The admin then reinstalls the
> > system and only when everything has been brought back to normal will the
> > system be allowed back into the network.
>
> How do you actually check for malicious code?

The obvious way is just to say that if any part of the TCB is unknown
then it's treated as malicious.

> The drm scheme only needs to protect a particular key store and
> integrity of a single application - the media player. This may be
> feasible even on Linux.

I'm not sure if I care about DRM or key stores at all. All I think I
want TPM for is to verify that my TCB is one that's considered good.

> On the other hand, making sure that none of your documents are
> randomly sent over the network or overwritten is hard, you can do
> that with a shell script or similar on most systems.
>
> If they were drm protected media files there is no harm to the
> provider of the drm content, they can be still accessed only with the
> right keys and the right system and player.

I'm not interested in any of that. The case I'm thinking of is a
network of computers using potentially sensitive data/code and I want to
make sure they're only running the "correct" code and neither code nor
data are going to fall under the control of an attacker.

> Different goals often require different tools.

Indeed they do, and I think that TPM should be able to increase my
confidence in this. I'm not sure how much this will actually help
though.

> Even considering these possible variables there is still much less to
> check than with a TPM chip. You can also obtain information on the
> construction of the flash chip so you should be aware of possible
> pitfalls in advance.
>
> It is also more feasible to get a custom BIOS than it is to get a
> custom TPM chip.

Yup, I'm starting to get the feeling you're right. TPM is a fun bit of
research, but it's so far removed from any practical application that
I'm struggling to justify it.

-- 
  Sam  http://samason.me.uk/
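
The "unknown TCB is treated as malicious" check discussed in the message above, sketched as an added example that is not part of the original message: a verifier replays a node's boot event log against its PCR value and denies anything not on a known-good list. The function names, stage names and image contents are constructed for illustration, and the reported PCR is assumed to have been authenticated already (for instance by a signed TPM quote, not shown).

```python
import hashlib
import hmac

PCR_LEN = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def measure(blob: bytes) -> bytes:
    """Digest of a component, as recorded in the boot event log."""
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = SHA1(old || digest). Order-sensitive, not reversible."""
    return hashlib.sha1(pcr + digest).digest()


def verify_tcb(event_log, reported_pcr, policy):
    """Default-deny check of a boot chain.

    event_log:    [(stage, digest), ...] as reported by the node
    reported_pcr: PCR value from the node (assumed already authenticated)
    policy:       [(stage, {allowed digests}), ...] in expected boot order
    """
    if [s for s, _ in event_log] != [s for s, _ in policy]:
        return False, "boot chain has missing, extra or reordered stages"
    pcr = bytes(PCR_LEN)  # PCRs start at all zeroes on reset
    for (stage, digest), (_, allowed) in zip(event_log, policy):
        if digest not in allowed:
            return False, f"unknown measurement for {stage}"
        pcr = extend(pcr, digest)
    # A log listing only good digests that does not replay to the PCR is forged.
    if not hmac.compare_digest(pcr, reported_pcr):
        return False, "event log does not replay to reported PCR"
    return True, "TCB matches known-good policy"


# Constructed sample data: stand-ins for real firmware/bootloader/kernel images.
GOOD = {"bios": b"bios-v1", "bootloader": b"grub-v1", "kernel": b"linux-v1"}
POLICY = [(s, {measure(b)}) for s, b in GOOD.items()]


def boot(images):
    """Simulate a node: measure each stage, extend the PCR, keep a log."""
    pcr, log = bytes(PCR_LEN), []
    for stage, blob in images.items():
        d = measure(blob)
        log.append((stage, d))
        pcr = extend(pcr, d)
    return log, pcr
```

A node is let back onto the network only when `verify_tcb` returns `True`; a changed kernel, a dropped stage and a forged log each fail with a different reason.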
