[Cryptography] programmable computers inside our computers (was: Hasty PRISM proofing considered harmful)

Steve Weis steveweis at gmail.com
Fri Nov 15 14:00:53 EST 2013


On Fri, Nov 15, 2013 at 8:02 AM, Tom Ritter <tom at ritter.vg> wrote:
> Also, I believe TPM 2.0 includes remote attestation. Clearly this
> could be abused, and probably will be, but I'm also interested in
> applicability in scenarios where the querier and attestor are in
> cooperation. I'd love to query cryptocat's servers and verify they are
> running a particular system build without modification.
> ...

Was there a question that remote attestation would be removed from TPM
2.0? I assumed it would continue to be included, but perhaps I'm
wrong.

Remote attestation works on TPM 1.2 with TXT as you describe. You can
bring up a remote host and measure the BIOS, OptROMS, SINIT, MLE,
kernel, boot parameters, initrd, etc.

We have this working in practice on some dedicated hosting providers.
There are some security caveats and vendor-specific nits, though.

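To make the measured-boot claim above concrete, here is an added example (not code from the thread or from any TPM/TXT project) that replays a TPM 1.2-style measurement log into SHA-1 PCRs and compares the result against a known-good build, so a cooperating verifier can tell whether the host booted the expected BIOS, SINIT, MLE, kernel, boot parameters and initrd. The event log, component contents and PCR index choices are constructed assumptions for illustration.

```python
"""Added example: replay a measurement log into PCRs and attest against a golden build."""
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers, all zero at power-on.


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend as the TPM does it: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def replay_log(event_log):
    """Replay (pcr_index, component_bytes) events, in order, into fresh PCRs."""
    pcrs = {}
    for idx, data in event_log:
        pcrs[idx] = extend(pcrs.get(idx, bytes(PCR_SIZE)), data)
    return pcrs


def attest(quoted_pcrs, expected_pcrs):
    """Return the PCR indices whose quoted value differs from the golden value."""
    return sorted(i for i in expected_pcrs if quoted_pcrs.get(i) != expected_pcrs[i])


# Constructed golden log. PCR indices are illustrative assumptions: BIOS in PCR0,
# option ROMs in PCR2, SINIT/MLE in TXT's PCR17/18, kernel + args + initrd in PCR19.
# The component bytes are placeholders, not real firmware or kernel images.
GOLDEN_LOG = [
    (0, b"bios-v1"), (2, b"optrom-nic"), (17, b"sinit-acm"), (18, b"mle-tboot"),
    (19, b"vmlinuz-3.11 root=/dev/sda1 ro"), (19, b"initrd.img-3.11"),
]
GOLDEN_PCRS = replay_log(GOLDEN_LOG)


def verify_host(host_log):
    """Simulate a quote from a remote host by replaying its log; [] means it matches."""
    return attest(replay_log(host_log), GOLDEN_PCRS)


if __name__ == "__main__":
    print("unmodified build:", verify_host(GOLDEN_LOG))
    patched = [(i, d.replace(b"vmlinuz-3.11", b"vmlinuz-3.11-patched")) for i, d in GOLDEN_LOG]
    print("modified kernel:", verify_host(patched))
```

Because extend is order-sensitive, swapping two events in the same PCR also produces a mismatch, which is why the verifier must replay the log rather than hash the components in isolation.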
