TPM & disk crypto

Kuehn, Ulrich Ulrich.Kuehn at telekom.de
Mon Oct 9 04:34:03 EDT 2006


 
> From: Erik Tews [mailto:erik at debian.franken.de] 
> Sent: Donnerstag, 5. Oktober 2006 23:52
> 
[...]
> 
> Later, you can remotely query your system and get a report 
> of what has been booted on your system. You can do this query 
> using a Java application and tpm4java.
> 

However, this is the big problem with the TPM according to the TCG spec. While you can remotely verify that the system came up according to what you installed there, you have no means to force it to either come up the way you want, or to be in a clear error state. That is the huge difference between the verifiable booting the TPM provides and secure booting, which would run only predetermined software.

I assume that the TCG chose not to implement the latter due to fear of public bashing...

Ulrich
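The distinction Ulrich draws, as an added illustration that is not part of this thread: a simulated TPM 1.2 style measured boot (SHA-1 PCR extend) where each stage is measured and then run regardless of what was measured, so a tampered stage still boots and is only caught afterwards when the remote party compares the quoted PCR against a golden value. The boot chain contents are constructed sample data, not real firmware.

```python
import hashlib

# Constructed sample boot chain: (stage name, stage image bytes). Not real firmware.
GOOD_CHAIN = [
    ("bios",       b"constructed BIOS image v1"),
    ("bootloader", b"constructed GRUB stage2"),
    ("kernel",     b"constructed linux kernel 2.6"),
]

def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TPM 1.2 style extend: PCR_new = SHA-1(PCR_old || SHA-1(image))."""
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()

def measured_boot(chain):
    """Simulate the platform measuring each stage into a PCR before handing it control.
    Returns the final PCR value and the event log. It never refuses to boot."""
    pcr = b"\x00" * 20                 # PCRs start at zero after power-on
    log = []
    for name, image in chain:
        pcr = pcr_extend(pcr, image)   # record what is about to run
        log.append((name, hashlib.sha1(image).hexdigest()))
        # control now passes to `image` no matter what was measured
    return pcr, log

def remote_verify(reported_pcr: bytes, expected_pcr: bytes) -> bool:
    """All the remote party can do: compare the quoted PCR with a golden value.
    A mismatch detects the deviation after the fact; it cannot prevent the boot."""
    return reported_pcr == expected_pcr

def demo():
    """Boot a chain whose bootloader was altered and report what happened."""
    golden_pcr, _ = measured_boot(GOOD_CHAIN)
    tampered = list(GOOD_CHAIN)
    tampered[1] = ("bootloader", b"constructed modified GRUB stage2")
    pcr, log = measured_boot(tampered)
    return {
        "booted": [name for name, _ in log],           # every stage still ran
        "attested_ok": remote_verify(pcr, golden_pcr),  # but the quote fails
    }

if __name__ == "__main__":
    print(demo())
```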

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
