> Date: Fri, 9 Aug 2002 19:30:09 -0700 > From: AARG!Anonymous <[EMAIL PROTECTED]>
> Re the debate over whether compilers reliably produce identical object > (executable) files: > > The measurement and hashing in TCPA/Palladium will probably not be done > on the file itself, but on the executable content that is loaded into > memory. For Palladium it is just the part of the program called the > "trusted agent". So file headers with dates, compiler version numbers, > etc., will not be part of the data which is hashed. > > The only thing that would really break the hash would be changes to the > compiler code generator that cause it to create different executable > output for the same input. This might happen between versions, but > probably most widely used compilers are relatively stable in that > respect these days. Specifying the compiler version and build flags > should provide good reliability for having the executable content hash > the same way for everyone. A trivial observation: this cannot be true across hardware platforms. TCPA claims to be "platform and OS agnostic", but Palladium does not.