On Tue, 2006-06-06 at 22:09 +0200, Bas Wijnen wrote: > On Tue, Jun 06, 2006 at 03:40:07PM +0200, Ludovic Court?s wrote: > > > Not that I disprove or dismiss the use of TC for OS verification, > > > > Just a bit of nitpicking: TC is not about software verification, but > > about software *certification*, i.e., certification by a "certification > > authority". This is very different. > > That may be what it's meant for, but it's not what it does. What it does is > verification (by means of a signature of a trusted (secret) key on the code). > This verification can (and will) be used for certification, indeed, but the > hardware doesn't actually do that, and could be used for other things if > desired (although I don't see any other use for OS verification).
Technically, no. What it does is attestation, not verification. The TPM does not prohibit any kernel from running. What it does is provide a strongly credible attestation about what kernel it is. There *is* a small verification step associated with secure storage, but I don't think that is what you were referring to above. shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
