Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme

From: Valdis.Kletnieks@private
Date: Sun May 22 2005 - 21:52:13 PDT

On Mon, 23 May 2005 00:30:15 EDT, James Morris said:

> Perhaps I don't understand things fully, but what is the purpose of 
> providing measurement values locally via proc?
> How can they be trusted without the TPM signing an externally generated 
> nonce?

If you can't trust what the kernel is outputting in /proc, you're screwed.

And for that matter, how would you verify that it's the TPM that signed the
externally generated nonce? (Remember - if you can't trust /proc, then you
have to assume that *any* attempt at talking to the TPM from userspace *is*
a MITM attack - and you don't have access to any out-of-band info.  If the
now-untrusted kernel did a MITM on your nonce and signed it with a fake key,
then it can *also* MITM your attempt to read the "correct" key from /etc/tpm.key
or wherever it is....

This archive was generated by hypermail 2.1.3 : Sun May 22 2005 - 21:53:13 PDT