On Mon, Sep 21, 2009 at 3:38 AM, Sam Mason
<address@hidden> wrote:
> I thought the point of TPM was that the kernel can't lie, or rather if
> it does then you can trivially find out that it has. You end up getting
> a signature of the programs in the TCB and hence you can allow your
> code to run only if you know that this set of processes are known to be
> "good".
Not quite. Here is what TPM gives you:
* The TPM computes a cryptographic hash of your BIOS, your
bootloader, and your kernel [in sequence] as the system boots up.
(an HMAC).
* The kernel can later ask the TPM to produce a signed packet
containing that HMAC using public key signature methods.
So if an application wants to know, it must ask the kernel, which asks the TPM. The kernel can refuse to answer, but an incorrect answer is detectable.
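As an added illustration of the two bullets in the reply above (example code written for this page, not code from either correspondent or from any real TPM stack): a Go model of the measure-then-quote flow. The PCR "extend" chain, the P-256 attestation key, the nonce bound into the quote, and all boot-image bytes are constructed assumptions; a real TPM keeps the running value in its PCR registers and signs with a manufacturer-certified attestation key. The verifier's checks show why a kernel can withhold the answer but cannot substitute its own: a modified kernel changes the measured value, and a packet not signed with the TPM's key fails verification.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample boot components standing in for the BIOS, bootloader
// and kernel images a TPM-enabled platform measures in sequence.
var bootChain = [][]byte{
	[]byte("BIOS image (constructed sample)"),
	[]byte("bootloader image (constructed sample)"),
	[]byte("kernel image (constructed sample)"),
}

// extendPCR models the TPM "extend" operation: the register is never written
// directly but replaced with H(old value || H(component)), so the final value
// depends on every component and on the order in which they were measured.
func extendPCR(pcr [32]byte, component []byte) [32]byte {
	digest := sha256.Sum256(component)
	buf := append(append(make([]byte, 0, 64), pcr[:]...), digest[:]...)
	return sha256.Sum256(buf)
}

// measureBoot replays the boot sequence into a register that starts at zero.
func measureBoot(components [][]byte) [32]byte {
	var pcr [32]byte
	for _, c := range components {
		pcr = extendPCR(pcr, c)
	}
	return pcr
}

// TPM holds the measured register and an attestation key that never leaves it.
type TPM struct {
	pcr [32]byte
	key *ecdsa.PrivateKey
}

// Quote is the signed packet the kernel relays to an application or remote verifier.
type Quote struct {
	PCR   [32]byte
	Nonce []byte
	Sig   []byte
}

func NewTPM(components [][]byte) (*TPM, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &TPM{pcr: measureBoot(components), key: key}, nil
}

// PublicKey is the attestation public key the verifier is assumed to know in advance.
func (t *TPM) PublicKey() *ecdsa.PublicKey { return &t.key.PublicKey }

// quoteMessage binds the PCR value to the verifier's nonce, so an old quote
// cannot be replayed in answer to a fresh challenge (assumed design, as in real quotes).
func quoteMessage(pcr [32]byte, nonce []byte) [32]byte {
	buf := append([]byte("TPM-QUOTE:"), pcr[:]...)
	return sha256.Sum256(append(buf, nonce...))
}

func signQuote(key *ecdsa.PrivateKey, pcr [32]byte, nonce []byte) (Quote, error) {
	msg := quoteMessage(pcr, nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, key, msg[:])
	if err != nil {
		return Quote{}, err
	}
	return Quote{PCR: pcr, Nonce: nonce, Sig: sig}, nil
}

// Quote signs the current register value together with the caller's nonce.
func (t *TPM) Quote(nonce []byte) (Quote, error) { return signQuote(t.key, t.pcr, nonce) }

// QuoteWithoutTPMKey models a kernel answering on its own: it reports any
// value it likes, but can only sign with a key that is not the TPM's.
func QuoteWithoutTPMKey(claimed [32]byte, nonce []byte) (Quote, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Quote{}, err
	}
	return signQuote(key, claimed, nonce)
}

// VerifyQuote is the verifier's side: the nonce must be the one it issued,
// the signature must be the TPM's, and the value must match the known-good chain.
func VerifyQuote(pub *ecdsa.PublicKey, q Quote, expected [32]byte, nonce []byte) bool {
	if !bytes.Equal(q.Nonce, nonce) {
		return false
	}
	msg := quoteMessage(q.PCR, nonce)
	if !ecdsa.VerifyASN1(pub, msg[:], q.Sig) {
		return false
	}
	return q.PCR == expected
}

func main() {
	tpm, err := NewTPM(bootChain)
	if err != nil {
		panic(err)
	}
	expected := measureBoot(bootChain) // the verifier's known-good value
	nonce := []byte("verifier-challenge-1")
	q, _ := tpm.Quote(nonce)
	fmt.Println("TPM-signed quote verifies:", VerifyQuote(tpm.PublicKey(), q, expected, nonce))
	q2, _ := QuoteWithoutTPMKey(expected, nonce)
	fmt.Println("kernel-made answer verifies:", VerifyQuote(tpm.PublicKey(), q2, expected, nonce))
}
```

Because the expected value is recomputed by the verifier from reference images rather than trusted from the kernel, a kernel that has been modified cannot produce a matching register value, and a kernel that reports the correct value without the TPM's signature is rejected just the same.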