TPM & disk crypto
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Thu Oct 12 14:04:37 EDT 2006
Alexander Klimov wrote:
> Since a regular installation
> should not change ``reported OS hash,'' TPM will not be able to detect
> the difference. Am I missing something?
You're missing the marketing value of saying "this piece of hardware,
that you probably wouldn't otherwise want in your machine since it makes
sure that the machine can be trusted /against/ you, is great! Because it
protects you against trojans! And everyone wants to be safe from
trojans, right?".
> Btw, how the TCG allows to regularly change the kernel for security
> patches and still keep the same ``reported hash''?
The Microsoft guy presenting BitLocker at HITB last month mentioned
this, but glossed over it without explaining. He did seem to indicate
that they had some solution, but didn't provide details, IIRC.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list