Re: Trusted Boot in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Thu, Jun 23, 2011 at 7:30 PM, JB <jb.1234abcd@xxxxxxxxx> wrote:
>> Miloslav TrmaÄ? <mitr <at> volny.cz> writes:
>>
>>>
>>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
>>> ...
>>> > Will the TPM allow a third party remote access to the machine ?
>>> Absolutely not.
>>
>> You are wrong here.
>>
>> http://en.wikipedia.org/wiki/Trusted_Platform_Module
>> "...
>> Overview
>> ... It also includes capabilities such as remote attestation ..."
>
> "Remote attestation" doesn't mean "remote access" - after all, the TPM
> does not contain a network card and it cannot connect an Ethernet
> cable to the socket in the wall :)
>
> The TPM support for remote attestation amounts to "if the system was
> measured as expected, produce a signature to that effect, and produce
> a signature to other data the system has produced for this purpose"
> ("other data" being e.g. the result of an additional self-check of the
> sistem).  What TPM does is a purely local operation.  Whether and how
> this ends up on a remote system and whether and how is is used by the
> remote system, is a matter of pure software that doesn't need the TPM
> for anything else.
>
> TPM doesn't "allow" a third party remote access any more than a CPU
> that is strong enough to let you run ssh on it.

Exactly.  But with the network card, the process by which I can activate,
deactivate, control and monitor that device to allow or deny access is
well documented.  How will are those things done with TPM?  I want to know
that even if someone slips a TPM-exploiting backdoor into my system, I
know that it won't have an effect because cat /proc/foo/bar/tpm returns 0.

How does this work?

-J

>     Mirek
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
>


-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux