Recent Features
| |||||||||||||
Doesn't do so much for remote verificationDoesn't do so much for remote verificationPosted May 28, 2005 17:32 UTC (Sat) by stephen_pollei (guest, #23348)In reply to: Doesn't do so much for remote verification by jvotaw Parent article: The Integrity Measurement Architecture Reiner Sailer <sailer@us.ibm.com> on the LKML has said "You retrieve not only the measurement list from a system (kernel) but also a signature over the TPM PCR holding the integrity value. Nonces (random numbers) are used to protect against replay of old signed TPM PCR contents by the kernel. Since PCR is signed inside the TPM together with the nonce, corrupt system software can't cheat unnoticedly.". So it seems they have thought of replay attacks.
(Log in to post comments)
Doesn't do so much for remote verification Posted May 28, 2005 19:09 UTC (Sat) by Ross (subscriber, #4065) [Link] However they can't protect against an untrusted system feeding the hardwarethe checksums that would exist, in the correct order, on a trusted system. The untrusted system simply lies to itself. Unless this hardware actually scanned through all of RAM I don't see how it could avoid this -- it relies on something external to perform the checksums.
Thus the remote attestation feature can only be trusted when the system is
|
|||||||||||||