On Mon, 22 Oct 2018, Ken Goldman wrote:
Does this design assume that there was at time zero no monitoring? This would permit some shared secret to be established. Or does it assume that the interception may have been present from the first boot? If so, how is the first shared secret established? Salting using the EK is the usual method, but this requires walking the EK certificate chain and embedding the TPM vendor CA certificates in the kernel.
The kernel gets the public portion of the EK and uses its own key pair on its own end, so everything should be good, right?

/Jarkko