> On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
>> I am still struggling to see real applications for this. I don't know
>> how a networked system using the technology could be differentiated
>> from an (insecure) software simulation of the same from a remote
>> viewer's perspective. Also I don't see how it would be used in the
>
> Afaik it would allow to securely enter hard disk encryption passwords
> via network on a Fedora system, because one can ensure that the correct
> (untampered) initrd / kernel is loaded.
> You cannot simulate this afaik because the used cryptographic keys are
> only stored in the TPM module and cannot be accessed from the outside.
> Therefore one needs to tamper with the TPM module instead of only with
> the unencrypted /boot partition, which is a lot harder from my point of
> view.

So you can't possibly duplicate the keys elsewhere and modify the
software calling them to look in that place, allowing you to virtualize
a whole cluster of the same "trusted" machine?

-J

> Regards
> Till
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
>

--
in your fear, seek only peace
in your fear, seek only love

-d. bowie
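
The check discussed in this thread (release the disk passphrase over the network only if the untampered kernel and initrd were loaded), as an added example that is not part of the original messages. It models the TPM 1.2 PCR extend operation with SHA-1; the function names and the boot blobs are constructed for illustration. It assumes the reported PCR value reaches the verifier in a quote signed by a key held inside the TPM, which this sketch does not model.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR_new = SHA1(PCR_old || SHA1(component)). A PCR can only be
    extended, never written directly, so its value commits to every
    component measured so far and to their order."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay a boot chain from the power-on PCR value (all zeroes)."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def release_passphrase(reported_pcr: bytes, expected_pcr: bytes, passphrase: bytes):
    """Verifier side: hand out the disk passphrase only when the reported
    PCR equals the value computed from the known-good kernel and initrd."""
    if hmac.compare_digest(reported_pcr, expected_pcr):
        return passphrase
    return None


# Constructed sample data standing in for the real boot files.
GOOD_BOOT = [b"vmlinuz (constructed sample)", b"initrd (constructed sample)"]
TAMPERED_BOOT = [b"vmlinuz (constructed sample)",
                 b"initrd (constructed sample) + password logger"]
EXPECTED_PCR = measure_boot(GOOD_BOOT)      # computed once from trusted files
PASSPHRASE = b"constructed-disk-passphrase"

if __name__ == "__main__":
    for name, chain in (("good", GOOD_BOOT), ("tampered", TAMPERED_BOOT)):
        pcr = measure_boot(chain)
        ok = release_passphrase(pcr, EXPECTED_PCR, PASSPHRASE) is not None
        print(f"{name:9s} PCR={pcr.hex()} passphrase released={ok}")
```

Without the signed quote, a software simulation could simply report `EXPECTED_PCR`; the comparison above is only meaningful when the value is bound to a key that cannot leave the TPM.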