On Mon, May 08, 2006 at 04:33:48PM -0600, Shane Hathaway wrote: > Jason Holt wrote: > >If I didn't have TPM, I could still do all that, but you're talking > >about the TPM ensuring that not only does the machine *have* the > >private key, but that the machine is in a certain state. So it > >saves us from an attacker who has the ciphertext *and* access to > >one of the machines, but who can't login as me or otherwise > >convince the OS to ask the TPM for the key (or is it just > >decryption of the ciphertext?)? Are there any other attacks it > >prevents? > > [To Mike]: Also, is it correct that TPM does nothing to prevent an > attacker from exploiting some bug in an otherwise trusted kernel and > inserting code that spies on decrypted files? I would expect other > subsystems to deal with that.
The TPM is a relatively simple device with limited storage and
functionality. It is not an CPU with a Separation Kernel or anything
of the sort. One of its specific jobs is holding on to a key and only
releasing it if PCR register values match up on boot. The rest is up
to the operating system.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
Every rule has an exception, except the rule of exceptions.
signature.asc
Description: Digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
