On Thu, Jun 23, 2011 at 7:30 PM, JB <jb.1234abcd@xxxxxxxxx> wrote:
> Miloslav Trmač <mitr <at> volny.cz> writes:
>
>>
>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
>
> You are wrong here.
>
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Overview
> ... It also includes capabilities such as remote attestation ..."

"Remote attestation" doesn't mean "remote access" - after all, the TPM does not contain a network card and it cannot connect an Ethernet cable to the socket in the wall :)

The TPM support for remote attestation amounts to "if the system was measured as expected, produce a signature to that effect, and produce a signature to other data the system has produced for this purpose" ("other data" being e.g. the result of an additional self-check of the system).

What TPM does is a purely local operation. Whether and how this ends up on a remote system and whether and how it is used by the remote system, is a matter of pure software that doesn't need the TPM for anything else.

TPM doesn't "allow" a third party remote access any more than a CPU that is strong enough to let you run ssh on it.

Mirek
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
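
The measure-then-sign flow described in the reply above, as an added example that is not part of the original thread or of any TPM software. `ToyTPM`, `boot` and the component names are hypothetical, and an HMAC stands in for the signature a real TPM makes with its attestation key; the PCR extend rule is the SHA-1 one used by TPM 1.2.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 style PCR extend: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

class ToyTPM:
    """Hypothetical local-only model: one PCR and a key, no network code."""
    def __init__(self, key: bytes):
        self._key = key
        self.pcr = bytes(20)  # PCRs start as all zeroes

    def measure(self, component: bytes) -> None:
        self.pcr = extend(self.pcr, component)

    def quote(self, nonce: bytes, other_data: bytes = b""):
        # Signs PCR + verifier nonce + digest of the "other data".
        # HMAC stands in for the attestation key signature (assumption).
        msg = self.pcr + nonce + hashlib.sha1(other_data).digest()
        return self.pcr, hmac.new(self._key, msg, hashlib.sha256).digest()

def verify(key, expected_pcr, nonce, other_data, pcr, sig) -> bool:
    """Pure software on the remote side; it never talks to the TPM."""
    msg = pcr + nonce + hashlib.sha1(other_data).digest()
    want = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(sig, want) and hmac.compare_digest(pcr, expected_pcr)

def boot(key, components):
    tpm = ToyTPM(key)
    for c in components:
        tpm.measure(c)
    return tpm

def demo() -> dict:
    key = os.urandom(32)
    good = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]  # constructed
    expected = boot(key, good).pcr  # reference value the verifier keeps
    nonce, check = os.urandom(16), b"selfcheck=ok"
    pcr, sig = boot(key, good).quote(nonce, check)
    bad_pcr, bad_sig = boot(key, good[:2] + [b"kernel-modified"]).quote(nonce, check)
    return {
        "honest": verify(key, expected, nonce, check, pcr, sig),
        "modified_kernel": verify(key, expected, nonce, check, bad_pcr, bad_sig),
        "replayed_nonce": verify(key, expected, os.urandom(16), check, pcr, sig),
        "altered_other_data": verify(key, expected, nonce, b"selfcheck=FAIL", pcr, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The model only ever returns bytes to its caller; getting the quote to a verifier, and deciding what to do with the result, happens entirely outside it.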