Trusted Boot in Fedora

JB jb.1234abcd at
Thu Jun 23 17:30:39 UTC 2011

Miloslav Trmač <mitr <at>> writes:

> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at>> wrote:
> ... 
> > Will the TPM allow a third party remote access to the machine ?
> Absolutely not.

You are wrong here.
... It also includes capabilities such as remote attestation ..."
> ...
> > By the virtue of being associated with the "root of trust" ?
> "Root of trust" in TPM lingo is something different - it's "we know
> that the kernel and related software we run has not been tampered
> with".  The root of trust is established by the tboot blob, which
> should verify the state of all relevant hardware.

There is more to that.
With regard to "root of trust" origin, meaning, applications:

1. OS privilege isolation
   Who remembers the ring hierarchy introduced on the 286 that allowed
   creating an operating system with privilege isolation?
   Trusted Execution Technology (TXT) comes as a reinforcement to deal with
   threats that act on the same level of the kernel operating system or even
   more privileged levels -- like hypervisor’s malware, where the malicious
   code can take advantage of the CPU virtualization instructions to emulate
   hardware instructions and completely control the operating system.

2. platform integrity (hardware plus software)
   Platform Integrity
   ... In this context "integrity" means "behave as intended" and
   a "platform" is generically any computer platform - not limited to PCs or
   just Windows ...
   Together with the BIOS, the TPM forms a Root of Trust: ...

3. DRM; Software Licensing.
   Other uses and concerns
   Almost any encryption-enabled application can in theory make use of a TPM,
    Digital rights management
    Software license protection & enforcement

> ... 
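An added illustration, not part of the thread, of what the "root of trust" and "remote attestation" mentioned above mean mechanically: each boot stage measures the next into a TPM PCR (simulated here with SHA-1 chaining), and a remote verifier replays the event log against the reported PCR and a list of known-good digests. Component images, names and the boot chain are constructed sample values.

```python
import hashlib

# Simulated TPM PCR (SHA-1 bank): starts at 20 zero bytes and can only be
# changed via extend(): PCR = SHA1(PCR || SHA1(component)).  It cannot be
# reset or written directly, which is what gives the chain its value.
def extend(pcr: bytes, component: bytes) -> bytes:
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measured_boot(components):
    """Each stage measures the next before handing control to it.
    Returns the final PCR value and the event log a verifier receives."""
    pcr, log = bytes(20), []
    for name, image in components:
        log.append((name, hashlib.sha1(image).hexdigest()))
        pcr = extend(pcr, image)
    return pcr, log

def replay_log(log):
    """Recompute the PCR a given event log should have produced."""
    pcr = bytes(20)
    for _, digest_hex in log:
        pcr = hashlib.sha1(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr

def attest(reported_pcr, log, known_good):
    """Remote verifier: the log must reproduce the (signed/quoted) PCR, and
    every logged component must be one the verifier already trusts."""
    if replay_log(log) != reported_pcr:
        return False, "log does not match PCR (log tampered)"
    for name, digest_hex in log:
        if known_good.get(name) != digest_hex:
            return False, f"unexpected {name}"
    return True, "ok"

# Constructed boot chain: tboot blob -> kernel -> initrd.
GOOD_CHAIN = [("tboot", b"tboot-image-v1"),
              ("kernel", b"vmlinuz-2.6.38"),
              ("initrd", b"initramfs-2.6.38")]
KNOWN_GOOD = {n: hashlib.sha1(img).hexdigest() for n, img in GOOD_CHAIN}

def demo():
    """Returns (clean boot ok?, modified kernel ok?, forged log ok?)."""
    pcr, log = measured_boot(GOOD_CHAIN)
    ok, _ = attest(pcr, log, KNOWN_GOOD)
    modified = GOOD_CHAIN[:1] + [("kernel", b"vmlinuz-modified")] + GOOD_CHAIN[2:]
    pcr2, log2 = measured_boot(modified)
    bad, _ = attest(pcr2, log2, KNOWN_GOOD)          # honest log, wrong kernel
    forged, _ = attest(pcr2, log, KNOWN_GOOD)        # good-looking log, real PCR
    return ok, bad, forged

if __name__ == "__main__":
    print(demo())
```

The second and third cases show why the verifier needs both the log and the hardware-held PCR: a modified kernel is caught by the digest list, and a log rewritten to hide it no longer reproduces the PCR.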
