Re: Some thoughts

l4-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some thoughts

From:	Jonathan S. Shapiro
Subject:	Re: Some thoughts
Date:	Wed, 07 Jun 2006 01:20:07 -0400

On Tue, 2006-06-06 at 22:09 +0200, Bas Wijnen wrote:
> On Tue, Jun 06, 2006 at 03:40:07PM +0200, Ludovic Court?s wrote:
> > > Not that I disprove or dismiss the use of TC for OS verification,
> > 
> > Just a bit of nitpicking: TC is not about software verification, but
> > about software *certification*, i.e., certification by a "certification
> > authority".  This is very different.
> 
> That may be what it's meant for, but it's not what it does.  What it does is
> verification (by means of a signature of a trusted (secret) key on the code).
> This verification can (and will) be used for certification, indeed, but the
> hardware doesn't actually do that, and could be used for other things if
> desired (although I don't see any other use for OS verification).

Technically, no. What it does is attestation, not verification. The TPM
does not prohibit any kernel from running. What it does is provide a
strongly credible attestation about what kernel it is.

There *is* a small verification step associated with secure storage, but
I don't think that is what you were referring to above.

shap

[Prev in Thread]

Current Thread

[Next in Thread]

Some thoughts, Jean-Christophe Haessig, 2006/06/04
- Re: Some thoughts, Bas Wijnen, 2006/06/05
- Re: Some thoughts, Ludovic Courtès, 2006/06/06
  - Re: Some thoughts, Bas Wijnen, 2006/06/06
    - Re: Some thoughts, Jonathan S. Shapiro <=
    - Re: Some thoughts, Bas Wijnen, 2006/06/07
    - Re: Some thoughts, Michael D. Adams, 2006/06/07
    - Re: Some thoughts, Ludovic Courtès, 2006/06/08

Prev by Date: Re: Confinement (even with TPMs) and DRM are not mutually exclusive
Next by Date: Re: Confinement (even with TPMs) and DRM are not mutually exclusive
Previous by thread: Re: Some thoughts
Next by thread: Re: Some thoughts
Index(es):
- Date
- Thread