On Tue, 2018-11-20 at 13:10 +0200, Jarkko Sakkinen wrote:
[...]
> This is basically a rewrite of the TPM Genie paper with extras. Just
> shorten it to include the proposed architecture and point to the TPM
> Genie paper (which is not in the references at all ATM).

I really don't think so. The paper only gives details of bound authorization sessions for TPM 2.0, which suffer from no-to-weak entropy problems. The reason for using salted ones in the document, which aren't mentioned at all in the Genie paper, is so we have a high-entropy, cryptographically unguessable HMAC and encryption key.

> The way I see it the data validation is way more important than
> protecting against a physical interposer, to be frank.
>
> The attack scenario would require opening the damn device.

Yes (well, currently).

> For a laptop that would leave physical marks (i.e. evil maid).

Only if you have some type of security seal, which most laptops don't have.

James

> In a data center with armed guards I would wish you good luck
> accomplishing it. It is not anything like sticking in a USB stick and
> running.
>
> We can take a fix into Linux with a clean implementation, but it needs
> to be an opt-in feature because not all users will want to use it.
>
> /Jarkko
>
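The entropy point James makes above, as an added example (not code from this thread, from the kernel, or from the TPM Genie paper): a Python model of the TPM 2.0 session key derivation, showing why a bus interposer that sees both nonces can brute-force the session key of a bound-but-unsalted session whose bind entity has a low-entropy authValue, and why a salted session (salt encrypted to the TPM's public key, so never on the bus in clear) defeats that. KDFa and the sessionKey formula follow Part 1 of the TPM 2.0 Library specification; the command HMAC is the bound-entity form with authValue not re-added, the 4-digit PIN space, the fixed PIN b"4711" and the "transcript" are constructed here for illustration, and the encrypted salt is modelled simply by not exposing it to the attacker.

```python
"""Model of TPM 2.0 session keys: bound/unsalted versus salted.

Added illustration, not kernel or TPM-spec code. KDFa and sessionKey follow
TPM 2.0 Library Part 1; the command HMAC is simplified (bound-entity case).
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Iterable, Optional


def kdfa(hash_name: str, key: bytes, label: bytes, context_u: bytes,
         context_v: bytes, bits: int) -> bytes:
    """TPM 2.0 KDFa (SP800-108 counter mode).

    Block i = HMAC_key([i]32 || label || 0x00 || contextU || contextV || [bits]32),
    with i a 32-bit big-endian counter starting at 1.
    """
    nbytes = (bits + 7) // 8
    out = b""
    i = 1
    while len(out) < nbytes:
        msg = (struct.pack(">I", i) + label + b"\x00" + context_u + context_v
               + struct.pack(">I", bits))
        out += hmac.new(key, msg, hash_name).digest()
        i += 1
    return out[:nbytes]


def session_key(auth_value: bytes, salt: bytes, nonce_tpm: bytes,
                nonce_caller: bytes, hash_name: str = "sha256") -> bytes:
    """sessionKey = KDFa(hash, authValue || salt, "ATH", nonceTPM, nonceCaller, bits).

    For a bound but unsalted session salt is empty; both nonces cross the bus in
    clear, so the key has only as much entropy as the bind entity's authValue.
    """
    bits = hashlib.new(hash_name).digest_size * 8
    return kdfa(hash_name, auth_value + salt, b"ATH", nonce_tpm, nonce_caller, bits)


def command_hmac(key: bytes, cp_hash: bytes, nonce_caller: bytes,
                 nonce_tpm: bytes, attrs: bytes, hash_name: str = "sha256") -> bytes:
    """Simplified authorization HMAC for a command on the bound entity:
    HMAC_sessionKey(cpHash || nonceCaller || nonceTPM || sessionAttributes)."""
    return hmac.new(key, cp_hash + nonce_caller + nonce_tpm + attrs, hash_name).digest()


def make_transcript(auth_value: bytes, salt: bytes) -> Dict[str, bytes]:
    """What an interposer on the bus sees for one authorized command.

    The salt itself is NOT in the transcript: in a real salted session it is
    sent encrypted to the TPM's public key (RSA-OAEP or ECDH) and only the TPM
    can recover it. Nonces and cpHash are constructed here with os.urandom.
    """
    nonce_tpm = os.urandom(32)
    nonce_caller = os.urandom(32)
    cp_hash = hashlib.sha256(b"constructed command bytes").digest()
    attrs = b"\x01"  # continueSession
    key = session_key(auth_value, salt, nonce_tpm, nonce_caller)
    return {
        "nonce_tpm": nonce_tpm,
        "nonce_caller": nonce_caller,
        "cp_hash": cp_hash,
        "attrs": attrs,
        "hmac": command_hmac(key, cp_hash, nonce_caller, nonce_tpm, attrs),
    }


def interposer_guess_auth(transcript: Dict[str, bytes],
                          candidates: Iterable[bytes]) -> Optional[bytes]:
    """Offline brute force from the bus capture alone.

    The attacker cannot decrypt the salt, so every guess is tried with an empty
    salt; that is exactly the unsalted/bound case, and it fails for salted ones.
    """
    for guess in candidates:
        key = session_key(guess, b"", transcript["nonce_tpm"], transcript["nonce_caller"])
        tag = command_hmac(key, transcript["cp_hash"], transcript["nonce_caller"],
                           transcript["nonce_tpm"], transcript["attrs"])
        if hmac.compare_digest(tag, transcript["hmac"]):
            return guess
    return None


def demo():
    """Returns (auth recovered from unsalted session, auth recovered from salted session)."""
    pin = b"4711"  # constructed low-entropy authValue of the bind entity
    pin_space = [f"{p:04d}".encode() for p in range(10000)]
    unsalted = make_transcript(pin, salt=b"")
    salted = make_transcript(pin, salt=os.urandom(32))  # salt stays off the bus
    return interposer_guess_auth(unsalted, pin_space), interposer_guess_auth(salted, pin_space)


if __name__ == "__main__":
    print("recovered (bound, unsalted):", demo()[0])
    print("recovered (salted):", demo()[1])
```

Once the interposer has the authValue of an unsalted session it also has the session key, so it can forge its own HMACs and strip parameter encryption; with a 32-byte salt the same search space is 2^256 rather than 10^4, which is the "cryptographically unguessable" property the reply refers to.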