Hi! Shap> 3. Local software can perform these operations, refusing to decrypt Shap> content unless an acceptable endorsement is provided by the TPM.
Emmanuel> So my first question is : how does the local software has Emmanuel> to proceed, in order to check that the endorsement key Emmanuel> he got from the kernel was really provided by the TPM? Emmanuel> My other question is : how does the software knows Emmanuel> that this endorsement key is acceptable? Do you think it could go like this: Imagine company FCK sells DRM protected video. To use their video you've got to pass though 'attest your computer' online procedure. During this procedure your give FCK the following data provided by your TPM * public part of your TPM's current AIK (attestation key) * your TPM's PUBEK (public part of it's endorsement key) * current collection of PCR registers * signature signing the above with PRIVEK (private part of EK) FCK verifies that your PUBEK are PCR-s are valid and sends you Golden Key To Decrypt Their Video = GK. GK is bound to your PCR values and is encrypted with public part of your TPM's current AIK. Only your TPM can decrypt GK, because only it knows private part of AIK. It shall allow this key to be used only if PCR-s match. Anton P.S. I've got only one resevation, got to look up into docs - can private part of AIK be used to decrypt GK? Is this allow by the doc? _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
