> On Thu, Jun 23, 2011 at 7:30 PM, JB <jb.1234abcd@xxxxxxxxx> wrote:
>> Miloslav Trmač <mitr <at> volny.cz> writes:
>>
>>>
>>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
>>> ...
>>> > Will the TPM allow a third party remote access to the machine ?
>>> Absolutely not.
>>
>> You are wrong here.
>>
>> http://en.wikipedia.org/wiki/Trusted_Platform_Module
>> "...
>> Overview
>> ... It also includes capabilities such as remote attestation ..."
>
> "Remote attestation" doesn't mean "remote access" - after all, the TPM
> does not contain a network card and it cannot connect an Ethernet
> cable to the socket in the wall :)
>
> The TPM support for remote attestation amounts to "if the system was
> measured as expected, produce a signature to that effect, and produce
> a signature to other data the system has produced for this purpose"
> ("other data" being e.g. the result of an additional self-check of the
> system). What TPM does is a purely local operation. Whether and how
> this ends up on a remote system and whether and how it is used by the
> remote system, is a matter of pure software that doesn't need the TPM
> for anything else.
>
> TPM doesn't "allow" a third party remote access any more than a CPU
> that is strong enough to let you run ssh on it.

Exactly. But with the network card, the process by which I can activate,
deactivate, control and monitor that device to allow or deny access is
well documented. How are those things done with TPM? I want to know that
even if someone slips a TPM-exploiting backdoor into my system, I know
that it won't have an effect because cat /proc/foo/bar/tpm returns 0.
How does this work?

-J

> Mirek
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
>

--
in your fear, seek only peace
in your fear, seek only love

-d. bowie
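
The local measure-and-sign operation described in the quoted reply, as an added Python model that is not part of the original thread and is not TPM or Fedora code. ToyTPM, extend, replay and verify_quote are hypothetical names, the boot components are constructed sample data, and an HMAC stands in for the TPM's asymmetric attestation signature. The model contains no network code; carrying the quote to a verifier is left to other software.

```python
import hashlib, hmac, os

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr, blob):
    """Fold a measurement into a PCR: new = SHA1(old || SHA1(blob))."""
    return hashlib.sha1(pcr + hashlib.sha1(blob).digest()).digest()

def replay(event_log):
    """Recompute the PCR value a verifier expects from a known-good boot log."""
    pcr = bytes(PCR_SIZE)
    for blob in event_log:
        pcr = extend(pcr, blob)
    return pcr

def _sign(key, pcr, other_data, nonce):
    # HMAC is a stand-in (assumption): a real TPM signs with an asymmetric key.
    body = pcr + hashlib.sha1(other_data).digest() + nonce
    return hmac.new(key, body, hashlib.sha256).digest()

class ToyTPM:
    """Hypothetical local-only model: PCR state plus a signing key."""
    def __init__(self, key):
        self._key, self.pcr = key, bytes(PCR_SIZE)

    def measure(self, *blobs):
        for blob in blobs:
            self.pcr = extend(self.pcr, blob)

    def quote(self, nonce, other_data=b""):
        """Sign the current PCR, the caller's other data and the nonce."""
        return self.pcr, _sign(self._key, self.pcr, other_data, nonce)

def verify_quote(key, good_log, nonce, other_data, pcr, sig):
    """Verifier side, pure software: signature and nonce, then expected PCR."""
    signed = hmac.compare_digest(sig, _sign(key, pcr, other_data, nonce))
    return signed and pcr == replay(good_log)

def demo():
    key, nonce, extra = os.urandom(32), os.urandom(20), b"selfcheck=ok"
    good = [b"bootloader-v1", b"kernel-v1", b"initrd-v1"]  # constructed sample
    tpm = ToyTPM(key)
    tpm.measure(*good)
    ok = verify_quote(key, good, nonce, extra, *tpm.quote(nonce, extra))
    stale = verify_quote(key, good, os.urandom(20), extra, *tpm.quote(nonce, extra))
    other = ToyTPM(key)  # same key, one boot component differs
    other.measure(b"bootloader-v1", b"kernel-modified", b"initrd-v1")
    changed = verify_quote(key, good, nonce, extra, *other.quote(nonce, extra))
    return ok, stale, changed
```
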