Dave Tian <[email protected]> writes:

> I am personally in favor of a TPM-like solution, since we probably
> couldn't/shouldn't disable the firmware update anyway,
> and we really need a hardware root of trust (with a key embedded) in
> the device, like the TPM in the host.

I don't think we need a true TPM in the hardware; the device is
read-only in normal operation with firmware upgrades requiring physical
presence. So, supply the private key with the firmware and then erase it
from the host once programmed. Once the programming jumper is removed,
only physical access would be sufficient to extract the private key.
Here's more information about the hardware:
http://altusmetrum.org/ChaosKey/
--
-keith
