On Mon, Jun 16, 2008 at 05:54:44PM -0700, Darren Reed wrote:
> But this isn't enough. The hash only verifies that the file on disk that
> you're going to execute matches a previously recorded hash for it.
> It doesn't engage the TPM in any way and nor can you make any
> assertions about the trustworthiness of the new binary.

So? That's true of *every* bit of executable code loaded and run by the kernel after crypto services are running, and that includes kernel loadable modules and user-land programs and libraries. I don't see why the new kernel must be verified by the TPM instead of the old kernel.
