On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote:
> Isn't it possible to emulate the TCPA chip in software, using one's own
> RSA key, and thus signing whatever you damn well please with it instead
> of whatever the chip wants to sign? So in reality, as far as remote
> attestation goes, it's only as secure as the software driver used to
> talk to the TCPA chip, right?

The TCPA chip verifies the (signature on the) BIOS and the OS. So the software driver is the one that's trusted by the TCPA chip. Plus the private key is kept in the chip, so it can't be read by your emulator. If your emulator picks its own key pair then its attestations will be detected as invalid by a relying party that's using the real TCPA public keys.

Eric
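
The relying-party check described in this reply, as an added example that is not part of the original message: a simplified Python model in which a quote signed by an emulator's self-chosen key fails verification against the trusted chip public key. The toy RSA keys (small known primes, not secure), the nonce, the sample measurement and all function names are assumptions of this sketch, and real TCPA key certification is not modelled.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Toy RSA key from two known primes (constructed; far too small for real use)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data, n):
    """SHA-256 of the data, reduced into the RSA group (no padding: toy only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign_quote(key, nonce, measurement):
    """What the chip, or an emulator, does: sign nonce || measurement."""
    return pow(digest(nonce + measurement, key["n"]), key["d"], key["n"])


def verify_quote(trusted_pubkeys, nonce, measurement, signature):
    """Relying party: accept only a signature that verifies under a trusted key."""
    for n, e in trusted_pubkeys:
        expected = digest(nonce + measurement, n)
        if 0 <= signature < n and pow(signature, e, n) == expected:
            return True
    return False


# Constructed sample values (hypothetical, for illustration only).
CHIP_KEY = make_key(2**89 - 1, 2**107 - 1)      # private exponent never leaves the chip
EMULATOR_KEY = make_key(2**61 - 1, 2**127 - 1)  # key pair the emulator picked itself
TRUSTED = [(CHIP_KEY["n"], CHIP_KEY["e"])]      # relying party's list of real public keys
NONCE = b"relying-party-nonce-0001"             # assumed freshness challenge
MEASUREMENT = hashlib.sha256(b"BIOS image + OS loader").digest()


def demo():
    """Return (real chip quote accepted?, emulator quote accepted?)."""
    real = sign_quote(CHIP_KEY, NONCE, MEASUREMENT)
    fake = sign_quote(EMULATOR_KEY, NONCE, MEASUREMENT)
    return (verify_quote(TRUSTED, NONCE, MEASUREMENT, real),
            verify_quote(TRUSTED, NONCE, MEASUREMENT, fake))


if __name__ == "__main__":
    print(demo())
```
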