On Mon, 23 May 2005 00:30:15 EDT, James Morris said: > Perhaps I don't understand things fully, but what is the purpose of > providing measurement values locally via proc? > > How can they be trusted without the TPM signing an externally generated > nonce? If you can't trust what the kernel is outputting in /proc, you're screwed. And for that matter, how would you verify that it's the TPM that signed the externally generated nonce? (Remember - if you can't trust /proc, then you have to assume that *any* attempt at talking to the TPM from userspace *is* a MITM attack - and you don't have access to any out-of-band info. If the now-untrusted kernel did a MITM on your nonce and signed it with a fake key, then it can *also* MITM your attempt to read the "correct" key from /etc/tpm.key or wherever it is....
Attachment:
pgpzZPDOrTySL.pgp
Description: PGP signature
- References:
- Prev by Date: Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme
- Next by Date: Re: [RFC][PATCH] rbind across namespaces
- Previous by thread: Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme
- Next by thread: Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme
- Index(es):
 |