On Sun, May 07, 2006 at 05:35:32PM +0000, Jason Holt wrote:
> I've never been able to nail down a case of a non-evil use of this
> technology that couldn't be done purely in software or with a much
> simpler piece of hardware. Could you describe one or two, please?
> (And as to naming, you have to admit that they've come up with a
> bewildering number of terms for everyone to keep straight.)
One use I have in mind involves protecting the key that is used to
encrypt the contents of a device, wherein the data on that device
should only be accessible on a certain host or set of hosts running a
particular operating environment. The TPM can be configured to only
``release'' a key if the machine is attested with a certain stack
(bootloader, kernel, modules, etc.). If an attacker gets a hold of the
storage device and the passphrase, he still cannot decrypt the
contents without being at the machine, and the machine must be booted
through a trusted chain in order for the key to be released -- meaning
that the authentication mechanism enforced in that operating
environment also protects the data.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
"To prohibit sharing software is to cut the bonds of society."
- Richard Stallman
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
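The sealing behaviour Mike describes (a key released only when the measured boot chain matches, and only on the chip that sealed it) can be modelled in a few dozen lines. The following is an added example, not code from the thread or from any real TPM stack: `SimTPM`, `measured_boot`, the PCR index `BOOT_PCR`, the boot-chain strings and the passphrase are all constructed for illustration, and the HMAC-based "seal" stands in for the TPM's real wrapping under the Storage Root Key. It shows the three failure cases the post relies on: wrong passphrase, tampered boot chain, and correct chain plus correct passphrase but a different chip.

```python
import hashlib
import hmac
import os


def _sha256(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for the TPM's symmetric wrapping
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class SimTPM:
    """Toy TPM: a secret that never leaves the chip plus a bank of PCRs (constructed model)."""

    def __init__(self, num_pcrs: int = 8):
        self._root_secret = os.urandom(32)      # stands in for the Storage Root Key
        self.pcrs = [bytes(32)] * num_pcrs      # PCRs are all-zero after reset

    def reset(self) -> None:
        self.pcrs = [bytes(32)] * len(self.pcrs)

    def extend(self, index: int, measurement: bytes) -> None:
        # PCR_new = H(PCR_old || H(measurement)): order-dependent and not reversible
        self.pcrs[index] = _sha256(self.pcrs[index], _sha256(measurement))

    def _policy_digest(self, pcr_selection) -> bytes:
        return _sha256(*(self.pcrs[i] for i in pcr_selection))

    def _kek(self, policy_digest: bytes, auth: bytes) -> bytes:
        # key-encryption key bound to this chip, the PCR state and the passphrase
        return hmac.new(self._root_secret, policy_digest + _sha256(auth), hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr_selection, auth: bytes) -> dict:
        policy = self._policy_digest(pcr_selection)
        kek = self._kek(policy, auth)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(kek, nonce, len(secret))))
        tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
        return {"pcrs": tuple(pcr_selection), "policy": policy, "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob: dict, auth: bytes) -> bytes:
        # the current PCRs must reproduce the digest recorded at seal time
        if self._policy_digest(blob["pcrs"]) != blob["policy"]:
            raise PermissionError("PCR policy mismatch: platform state differs from seal time")
        kek = self._kek(blob["policy"], auth)
        expected = hmac.new(kek, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise PermissionError("authentication failed: wrong passphrase or wrong chip")
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(kek, blob["nonce"], len(blob["ct"]))))


BOOT_PCR = 4  # constructed: the PCR index this model extends with the boot chain
TRUSTED_CHAIN = [b"bootloader-v1", b"kernel-2.6.16", b"initrd-with-fs-modules"]   # constructed
TAMPERED_CHAIN = [b"bootloader-v1", b"kernel-2.6.16-modified", b"initrd-with-fs-modules"]


def measured_boot(tpm: SimTPM, chain) -> None:
    # each stage measures the next one into the PCR before handing over control
    tpm.reset()
    for component in chain:
        tpm.extend(BOOT_PCR, component)


def _fails(fn) -> bool:
    try:
        fn()
        return False
    except PermissionError:
        return True


def demo() -> dict:
    tpm = SimTPM()
    passphrase = b"correct passphrase"   # constructed
    disk_key = os.urandom(32)            # the key that encrypts the storage device
    measured_boot(tpm, TRUSTED_CHAIN)
    blob = tpm.seal(disk_key, [BOOT_PCR], passphrase)
    results = {}
    measured_boot(tpm, TRUSTED_CHAIN)
    results["trusted_boot_right_pass"] = tpm.unseal(blob, passphrase) == disk_key
    results["trusted_boot_wrong_pass"] = _fails(lambda: tpm.unseal(blob, b"guess"))
    measured_boot(tpm, TAMPERED_CHAIN)
    results["tampered_boot_right_pass"] = _fails(lambda: tpm.unseal(blob, passphrase))
    other = SimTPM()                     # same trusted chain, but a different chip
    measured_boot(other, TRUSTED_CHAIN)
    results["other_chip_right_pass"] = _fails(lambda: other.unseal(blob, passphrase))
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'as expected' if ok else 'UNEXPECTED'}")
```

The last case is the one that distinguishes this from a purely software solution: the blob, the passphrase and an identical boot chain are all present on the second chip, yet unsealing still fails because the wrapping key is derived from a per-chip secret. In this model the tag check catches it; a real TPM refuses at the point of unwrapping under its SRK.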
