On Mon, 23 May 2005 00:30:15 EDT, James Morris said: > Perhaps I don't understand things fully, but what is the purpose of > providing measurement values locally via proc? > > How can they be trusted without the TPM signing an externally generated > nonce? If you can't trust what the kernel is outputting in /proc, you're screwed. And for that matter, how would you verify that it's the TPM that signed the externally generated nonce? (Remember - if you can't trust /proc, then you have to assume that *any* attempt at talking to the TPM from userspace *is* a MITM attack - and you don't have access to any out-of-band info. If the now-untrusted kernel did a MITM on your nonce and signed it with a fake key, then it can *also* MITM your attempt to read the "correct" key from /etc/tpm.key or wherever it is....
This archive was generated by hypermail 2.1.3 : Sun May 22 2005 - 21:53:13 PDT