On Thu, 15 Aug 2002, Anonymous wrote: > [Repost] > > Joe Ashwood writes: > > > Actually that does nothing to stop it. Because of the construction of TCPA, > > the private keys are registered _after_ the owner receives the computer, > > this is the window of opportunity against that as well. > > Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which > is the "main" TPM key, the one which gets certified by the "TPM Entity". > That key is generated only once on a TPM, before ownership, and must > exist before anyone can take ownership. For reference, see section 9.2, > "The first call to TPM_CreateEndorsementKeyPair generates the endorsement > key pair. After a successful completion of TPM_CreateEndorsementKeyPair > all subsequent calls return TCPA_FAIL." Also section 9.2.1 shows that > no ownership proof is necessary for this step, which is because there is > no owner at that time. Then look at section 5.11.1, on taking ownership: > "user must encrypt the values using the PUBEK." So the PUBEK must exist > before anyone can take ownership. > > > The worst case for > > cost of this is to purchase an additional motherboard (IIRC Fry's has them > > as low as $50), giving the ability to present a purchase. The > > virtual-private key is then created, and registered using the credentials > > borrowed from the second motherboard. Since TCPA doesn't allow for direct > > remote queries against the hardware, the virtual system will actually have > > first shot at the incoming data. That's the worst case. > > I don't quite follow what you are proposing here, but by the time you > purchase a board with a TPM chip on it, it will have already generated > its PUBEK and had it certified. So you should not be able to transfer > a credential of this type from one board to another one.
< ... /> But I think you claimed "No root key.". Is this not a "root key"? oo--JS.