Dave Tian <dave.jing.tian@xxxxxxxxx> writes:

> I am personally in favor of a TPM-like solution, since we probably
> couldn't/shouldn't disable the firmware update anyway,
> and we really need a hardware root of trust (with a key embedded) in
> the device, like the TPM in the host.

I don't think we need a true TPM in the hardware; the device is read-only
in normal operation, with firmware upgrades requiring physical presence.
So, supply the private key with the firmware and then erase it from the
host once programmed. Once the programming jumper is removed, only
physical access would be sufficient to extract the private key.

Here's more information about the hardware:

http://altusmetrum.org/ChaosKey/

-- 
-keith
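The provisioning flow Keith sketches, worked through as an added example; this is not part of the thread and not ChaosKey or AltOS code. The host generates a keypair, writes the private key into a reserved slot of the firmware image, "programs" the device (here simulated as keeping the image bytes), retains only the public key, and then scrubs the private key from its own storage and memory. Afterwards the device can still sign a host challenge with the embedded key and the host can verify it with the retained public key. Assumptions of mine, not the page's: the image layout (a blank 32-byte slot at offset 0x100 filled with 0xFF), the choice of Ed25519 (the thread names no algorithm), and an inline textbook Ed25519 so the script runs with only the standard library; that implementation is variable-time and is for illustration only.

```python
import hashlib, os, secrets, tempfile

# ---- compact Ed25519, reference-style (variable-time; illustration only) ----
q = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493   # group order
d = (-121665 * pow(121666, q - 2, q)) % q
I = pow(2, (q - 1) // 4, q)

def _H(m): return hashlib.sha512(m).digest()
def _inv(x): return pow(x, q - 2, q)

def _xrecover(y):
    xx = (y * y - 1) * _inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q: x = (x * I) % q
    return q - x if x & 1 else x

_By = (4 * _inv(5)) % q
B = (_xrecover(_By), _By)                      # base point

def _add(P, Q):
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * _inv(1 + t) % q, (y1 * y2 + x1 * x2) * _inv(1 - t) % q)

def _mul(P, e):                                # double-and-add, MSB first
    Q = (0, 1)
    for i in reversed(range(e.bit_length())):
        Q = _add(Q, Q)
        if (e >> i) & 1: Q = _add(Q, P)
    return Q

def _enc_point(P): return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def _dec_point(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != (s[31] >> 7): x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q: raise ValueError("not on curve")
    return (x, y)

def _scalar(seed):                             # clamp per the Ed25519 spec
    h = bytearray(_H(seed)[:32]); h[0] &= 248; h[31] &= 63; h[31] |= 64
    return int.from_bytes(h, "little")

def ed25519_public_key(seed: bytes) -> bytes:
    return _enc_point(_mul(B, _scalar(seed)))

def ed25519_sign(seed: bytes, msg: bytes) -> bytes:
    h, a, pk = _H(seed), _scalar(seed), ed25519_public_key(seed)
    r = int.from_bytes(_H(h[32:] + msg), "little") % L
    R = _enc_point(_mul(B, r))
    S = (r + int.from_bytes(_H(R + pk + msg), "little") * a) % L
    return R + S.to_bytes(32, "little")

def ed25519_verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    try:
        R, A = _dec_point(sig[:32]), _dec_point(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[32:], "little")
    k = int.from_bytes(_H(sig[:32] + pk + msg), "little")
    return _mul(B, S) == _add(R, _mul(A, k))

# ---- provisioning flow; image layout below is a constructed assumption ----
KEY_SLOT = slice(0x100, 0x120)                 # reserved 32-byte slot in the image
ERASED = b"\xff" * 32                          # erased-flash fill value

def build_image(base_firmware: bytes, seed: bytes) -> bytes:
    """Write the private key seed into the blank slot of the firmware image."""
    if base_firmware[KEY_SLOT] != ERASED:
        raise ValueError("key slot is not blank")
    return base_firmware[:KEY_SLOT.start] + seed + base_firmware[KEY_SLOT.stop:]

def provision(base_firmware: bytes, workdir: str):
    """Host side: key, image, program, keep the public key, scrub the private key.
    Returns (device_flash_bytes, path_of_retained_public_key)."""
    seed = bytearray(secrets.token_bytes(32))
    pk = ed25519_public_key(bytes(seed))
    img_path, pub_path = os.path.join(workdir, "fw-provisioned.bin"), os.path.join(workdir, "device.pub")
    with open(img_path, "wb") as f: f.write(build_image(base_firmware, bytes(seed)))
    with open(img_path, "rb") as f: device_flash = f.read()   # stands in for flashing with the jumper fitted
    with open(pub_path, "wb") as f: f.write(pk)
    # Erase from the host: overwrite before unlinking (best effort on journaling/flash
    # media), then zero the in-memory copy of the seed.
    with open(img_path, "r+b") as f:
        f.write(b"\x00" * os.path.getsize(img_path)); f.flush(); os.fsync(f.fileno())
    os.remove(img_path)
    for i in range(len(seed)): seed[i] = 0
    return device_flash, pub_path

def device_sign(device_flash: bytes, challenge: bytes) -> bytes:
    """Device side (simulated): firmware signs a host challenge with the embedded key."""
    return ed25519_sign(device_flash[KEY_SLOT], challenge)

def host_files_containing(workdir: str, needle: bytes) -> list:
    """Search every file the host kept for the private key bytes."""
    return [n for n in sorted(os.listdir(workdir)) if needle in open(os.path.join(workdir, n), "rb").read()]

def demo() -> dict:
    base = bytes(0x100) + ERASED + bytes(0x200)   # constructed 0x320-byte "firmware"
    with tempfile.TemporaryDirectory() as wd:
        flash, pub_path = provision(base, wd)
        pk, seed, challenge = open(pub_path, "rb").read(), flash[KEY_SLOT], secrets.token_bytes(16)
        sig = device_sign(flash, challenge)
        return {"verified": ed25519_verify(pk, challenge, sig),
                "tampered_rejected": not ed25519_verify(pk, challenge + b"x", sig),
                "host_files_with_key": host_files_containing(wd, seed),
                "pubkey_matches": ed25519_public_key(seed) == pk}

if __name__ == "__main__":
    print(demo())
```

The check at the end is the one that matters for Keith's argument: after `provision()` returns, no file the host kept contains the private key, yet the device-side signature still verifies against `device.pub`. The overwrite-before-unlink step is a best effort only; on journaling filesystems, SSDs and any swap the bytes may survive, and the flashing tool's process memory held the key too, so a serious deployment keeps the key off general-purpose disks from the start.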