cyphrpunk wrote:
1. The issue is still moot at present. We are a long way from where
open, public, remote attestation will be possible. See this diagram from
the Trousers open-source TPM software stack project which shows which
pieces are still missing:
Travis H. wrote:
I can validate everything else, but as long as the BIOS is
motherboard-specific and closed source, I don't see why I should trust
it. We need to get rid of this legacy crud. LinuxBIOS is a good step
but unfortunately it is only supported on a few motherboards.
We're
Alexander Klimov wrote:
Since a regular installation
should not change ``reported OS hash,'' TPM will not be able to detect
the difference. Am I missing something?
You're missing the marketing value of saying this piece of hardware,
that you probably wouldn't otherwise want in your machine
Kuehn, Ulrich wrote:
Who is we? In the case of my own system I paid for (so speaking
for myself) I would like to have such a mechanism to have the system
prove to me before login that it is not tampered with. The TCG
approach does not provide this.
What does prove mean here? Does having a
On 10/10/06, Adam Back [EMAIL PROTECTED] wrote:
I think the current CPUs / memory managers do not have the ring -1 /
curtained memory features, but already a year ago or more Intel and
AMD were talking about these features. So it's possible the for
example hypervisor extra virtualization
James A. Donald:
Well obviously I trust myself, and do not trust
anyone else all that much, so if I am the user, what
good is trusted computing?
One use is that I can know that my operating system
has not changed behind the scenes, perhaps by a
rootkit, know that not only have I not
Here is a posting from the cypherpunks mailing list describing the
capabilities of Intel's new virtualization/TPM technology. Gets a bit
ranty but still good information.
CP
-- Forwarded message --
From: Anonymous Remailer (austria) [EMAIL PROTECTED]
Date: Fri, 29 Sep 2006
From: Ivan Krstić [mailto:[EMAIL PROTECTED]
Kuehn, Ulrich wrote:
Who is we? In the case of my own system I paid for (so
speaking for
myself) I would like to have such a mechanism to have the
system prove
to me before login that it is not tampered with. The TCG
approach does
On 10/13/06, Kuehn, Ulrich [EMAIL PROTECTED] wrote:
With reliably stopping the boot process I mean the following: Given that
stage i of the process is running, it takes the hash of the next stage,
compares that to an expected value. If they match, the current stage extends
the TPM register (when
On Mon, 9 Oct 2006 kkursawe at esat.kuleuven.ac.be wrote:
IIUC, TPM is pointless for disk crypto: if your laptop is stolen the
attacker can reflash BIOS and bypass TPM.
According to TCG Specification, the first part of the BIOS (called
Core Root of Trust for Measurement) should be
From: James A. Donald [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 10 October 2006 06:40
What we want is that a bank client can prove to the bank it
is the real client, and not trojaned. What the evil guys at
RIAA want is that their music player can prove it is their
real music player,
I was suspecting that as DRM at least appears to be one of the main
motivators (alongside trojan/malware protection) for trustworthy
computing that probably you will not be able to put the TPM into debug
mode (ie manipulate code without affecting the hash attested in debug
mode). Ability to do so
On Mon, 9 Oct 2006, James A. Donald wrote:
Well obviously I trust myself, and do not trust anyone else all that
much, so if I am the user, what good is trusted computing?
One use is that I can know that my operating system has not changed
behind the scenes, perhaps by a rootkit, know that
What we want is that a bank client can prove to the bank
it is the real client, and not trojaned. What the evil
guys at RIAA want is that their music player can prove
it is their real music player, and not hacked by the end
user. Having a system that will only boot up in a known
state is
On 10/9/06, Adam Back [EMAIL PROTECTED] wrote:
The bad part is that the user is not given control to modify the hash
and attest as if it were the original so that he can insert his own
code, debug, modify etc.
(All that is needed is a debug option in the BIOS to do this that only
the user can
On 10/10/06, Brian Gladman [EMAIL PROTECTED] wrote:
I haven't been keeping up to date with this trusted computing stuff over
the last two years but when I was last involved it was accepted that it
was vital that the owner of a machine (not necessarily the user) should
be able to do the sort of
--
Kuehn, Ulrich wrote:
However, this is the big problem with the TPM
according to the TCG spec. While you can remotely
verify that the system came up according to what you
installed there, you have no means to force it to
either come up the way you want, or to be in a clear
error
Adam Back wrote:
So the part about being able to detect viruses, trojans and attest
them between client-server apps that the client and server have a
mutual interest to secure is fine and good.
The bad part is that the user is not given control to modify the hash
and attest as if it were
From: Erik Tews [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 October 2006 23:52
[...]
Later, you can remotely query your system and get a report
what has been booted on your system. You can do this query
using a java application and tpm4java.
However, this is the big problem
On Fri, 6 Oct 2006, Erik Tews wrote:
And the TPM knows that your BIOS has not lied about the checksum of grub
how?
The TPM does not know that the BIOS did not lie about the checksum of
grub or any other bios component.
What you do is, you trust your TPM and your BIOS that they never lie
Erik Tews wrote:
What you do is, you trust your TPM and your BIOS that they never lie to
you, because they are certified by the manufacturer of the system and the
tpm. (This is why it is called trusted computing)
So if you don't trust your hardware and your manufacturer, trusted
computing is
So the part about being able to detect viruses, trojans and attest
them between client-server apps that the client and server have a
mutual interest to secure is fine and good.
The bad part is that the user is not given control to modify the hash
and attest as if it were the original so that he
Alexander Klimov wrote:
On Fri, 6 Oct 2006, Erik Tews wrote:
And the TPM knows that your BIOS has not lied about the checksum of grub
how?
The TPM does not know that the BIOS did not lie about the checksum of
grub or any other bios component.
What you do
On Thu, Oct 05, 2006 at 11:51:49PM +0200, Erik Tews wrote:
On Thursday, 05.10.2006, 16:25 -0500, Travis H. wrote:
On 10/2/06, Erik Tews [EMAIL PROTECTED] wrote:
On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
Anyone have any information on how to develop TPM software?
On Friday, 06.10.2006, 17:29 -0400, Thor Lancelot Simon wrote:
On Thu, Oct 05, 2006 at 11:51:49PM +0200, Erik Tews wrote:
On Thursday, 05.10.2006, 16:25 -0500, Travis H. wrote:
On 10/2/06, Erik Tews [EMAIL PROTECTED] wrote:
On Sunday, 01.10.2006, 23:42 -0500 wrote
On 10/2/06, Erik Tews [EMAIL PROTECTED] wrote:
On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
Anyone have any information on how to develop TPM software?
http://tpm4java.datenzone.de/
Using this lib, you need less than 10 lines of java-code for doing some
simple
On 10/5/06, Erik Tews [EMAIL PROTECTED] wrote:
First, you need a system with tpm. I assume you are running linux. Then
you boot your linux-kernel and an initrd using the trusted grub
bootloader. Your bios will report the checksum of trusted grub to the
tpm before giving control to your grub
Quoting:
Disk drives gear up for a lockdown
Rick Merritt, EE Times (09/25/2006 9:00 AM EDT)
Built-in security is the next big thing for hard-disk drives. By 2008,
drive makers should be shipping in volume a broad array of drives
based on a maturing standard.
...
The first version of the
On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
Anyone have any information on how to develop TPM software?
Yes, that's easy. We created a java library for the tpm chip. You can get
it at
http://tpm4java.datenzone.de/
Using this lib, you need less than 10 lines
29 matches