> Miloslav Trmač <mitr <at> volny.cz> writes:
>
>>
>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
>
> You are wrong here.
>
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Overview
> ... It also includes capabilities such as remote attestation ..."
>
> Also:
> http://lists.fedoraproject.org/pipermail/users/2011-June/400545.html

So how do we ensure that software is not leveraging this by default and is
user-auditable?

>> ...
>> > By the virtue of being associated with the "root of trust" ?
>> "Root of trust" in TPM lingo is something different - it's "we know
>> that the kernel and related software we run has not been tampered
>> with". The root of trust is established by the tboot blob, which
>> should verify the state of all relevant hardware.
>
> There is more to that.
> With regard to "root of trust" origin, meaning, applications:
>
> 1. OS privilege isolation
>
> http://communities.intel.com/community/openportit/vproexpert/blog/2011/01/25/trusted-execution-technology-aka-txt-what-is-it?wapkw=%28trusted+boot%29
> "...
> Who remembers the ring hierarchy introduced on the 286 that allowed
> creating an operating system with privilege isolation?
> ...
> Trusted Execution Technology (TXT) comes as a reinforcement to deal with
> threats that act on the same level of the kernel operating system or even
> more privileged levels -- like hypervisor's malware, where the malicious
> code can take advantage of the CPU virtualization instructions to emulate
> hardware instructions and completely control the operating system.
> ..."
>
> 2. platform integrity (hardware plus software)
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Platform Integrity
> ... In this context "integrity" means "behave as intended" and
> a "platform" is generically any computer platform - not limited to PCs or
> just Windows ...
> ...
> Together with the BIOS, the TPM forms a Root of Trust: ...
> ..."
>
> 3. DRM; Software Licensing.
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Other uses and concerns
> Almost any encryption-enabled application can in theory make use of a TPM,
> including:
> Digital rights management
> Software license protection & enforcement
> ..."
>
>> ...
>
> JB
>
>
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel

--
in your fear, seek only peace
in your fear, seek only love

-d. bowie