On Saturday 10 February 2007 17:13, Tim Thornton wrote:
...
> The TPM was designed with this in mind, and each TPM has its own keys.
> Because they're internal to the TPM and can't be extracted by software,
> you can have confidence in the TPM's authenticity.

This is waaaay off topic, but how does a remote third party that wants to 
trust your system tell the difference between (for example):

   * A remote system that's just been bought that's using the TPM to securely
     store keys for a secure store/streaming system

   * A remote system that is running a virtual machine that looks to the
     operating system sitting inside that virtual machine as if it has a TPM
     module, and that remote machine looks like it's just been installed, and
     the virtualised OS is otherwise installed identically.

For all intents and purposes the remote third party (e.g. a person wanting to 
trust) should get the same responses from the secure system, and the 
supposedly secure system.

I don't work with these things, but having read the Linux Journal article[1] 
sometime back, and knowing how virtualisation works, and the fact that any 
hardware system can be emulated I can't see how a remote third party can 
truly tell the difference.

   [1] For anyone else, if they haven't read this, it's worth reading since
       you'll see that TCPA/TPM is a double edged sword that has many real
       uses beyond things like DRM. (Once I read it, it struck me that its
       primary use is for helping lock down a military laptop in the event
       of it being compromised/stolen in an even more secure fashion than
       people who are used to using an encrypted loopback device are used to)

Based on your comments, I'm guessing that the TPMs themselves have default 
hardware keys as well as being able to generate keys and those default keys 
can in fact be authenticated rather than just being able to be generated? What's 
to stop someone opening up the hardware to find out what that is? Obviously 
that's outside the realms of your average developer, but it's not outside the 
capabilities of a commercial company.

All clearly hypothetical examples, with varying levels of likelihood, but 
since you say you work in the area, I'm curious as to the answer or pointers 
since I suspect there is :)

Feel free to respond with terms that I should google for BTW :)

Regards,


Michael.
-
Sent via the backstage.bbc.co.uk discussion group.  To unsubscribe, please 
visit http://backstage.bbc.co.uk/archives/2005/01/mailing_list.html.  
Unofficial list archive: http://www.mail-archive.com/backstage@lists.bbc.co.uk/
