On Tue, Nov 20, 2018 at 09:23:01AM -0800, James Bottomley wrote: > On Tue, 2018-11-20 at 13:10 +0200, Jarkko Sakkinen wrote: > [...] > > This is basically rewrite of TPM genie paper with extras. just > > shorten it to include the proposed architecture and point to the TPM > > Genie paper (which is not in the references at all ATM). > > I really don't think so. The paper only gives details of bound > authorization sessions for TPM 2.0 which suffer from no to weak entropy > problems. The reason for using salted ones in the document, which > aren't mentioned at all in the genie paper, is so we have a high > entropy cryptographically unguessable HMAC and encryption key. Point taken. I will re-read the paper with care as soon as I have time and give better feedback. > Only if you have some type of security seal, which most laptops don't > have. Agreed went over the top on this one. /Jarkko
