TPM & disk crypto

Brian Gladman brg at gladman.plus.com
Tue Oct 10 07:56:07 EDT 2006


Adam Back wrote:

> So the part about being able to detect viruses, trojans and attest
> them between client-server apps that the client and server have a
> mutual interest to secure is fine and good.
> 
> The bad part is that the user is not given control to modify the hash
> and attest as if it were the original so that he can insert his own
> code, debug, modify etc.
> 
> (All that is needed is a debug option in the BIOS to do this that only
> the user can change, via BIOS setup.)

I haven't been keeping up to date with this trusted computing stuff over
the last two years but when I was last involved it was accepted that it
was vital that the owner of a machine (not necessarily the user) should
be able to do the sort of things you suggest and also be able to exert
ultimate control over how a computing system presents itself to the
outside world.

Only in this way can we undermine the treacherous computing model of
"trusted machines with untrusted owners" and replace it with a model in
which "trust in this machine requires trust in its owner" on which real
information security ultimately depends (I might add that even this
model has serious potential problems when most machine owners do not
understand security).

Does anyone know the current state of affairs on this issue within the
Trusted Computing Group (and the marketed products of its members)?

   Brian Gladman


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list