Jason Holt wrote:
If I didn't have TPM, I could still do all that, but you're talking about the TPM ensuring that not only does the machine *have* the private key, but that the machine is in a certain state. So it saves us from an attacker who has the ciphertext *and* access to one of the machines, but who can't login as me or otherwise convince the OS to ask the TPM for the key (or is it just decryption of the ciphertext?)? Are there any other attacks it prevents?
[To Mike]: Also, is it correct that TPM does nothing to prevent an attacker from exploiting some bug in an otherwise trusted kernel and inserting code that spies on decrypted files? I would expect other subsystems to deal with that.
Shane /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
