Trusted Boot in Fedora
Jon Ciesla
limb at jcomserv.net
Thu Jun 23 17:30:58 UTC 2011
> Miloslav TrmaÄ <mitr <at> volny.cz> writes:
>
>>
>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
>
> You are wrong here.
>
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Overview
> ... It also includes capabilities such as remote attestation ..."
>
> Also:
> http://lists.fedoraproject.org/pipermail/users/2011-June/400545.html
So how do we ensure that software is not leveraging this by default and is
user-auditable?
>> ...
>> > By the virtue of beeing associated with the "root of trust" ?
>> "Root of trust" in TPM lingo is something different - it's "we know
>> that the kernel and related software we run has not been tampered
>> with". The root of trust is established by the tboot blob, which
>> should verify the state of all relevant hardware.
>
> There is more to that.
> With regard to "root of trust" origin, meaning, applications:
>
> 1. OS privilege isolation
>
> http://communities.intel.com/community/openportit/vproexpert/blog/2011/01/25/trusted-execution-technology-aka-txt-what-is-it?wapkw=%28trusted+boot%29
> "...
> Who remembers the ring hierarchy introduced on the 286 that allowed
> creating an operating system with privilege isolation?
> ...
> Trusted Execution Technology (TXT) comes as a reinforcement to deal
> with
> threats that act on the same level of the kernel operating system or
> even
> more privileged levels -- like hypervisorâs malware, where the
> malicious
> code can take advantage of the CPU virtualization instructions to
> emulate
> hardware instructions and completely control the operating system.
> ..."
>
> 2. platform integrity (hardware plus software)
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Platform Integrity
> ... In this context "integrity" means "behave as intended" and
> a "platform" is generically any computer platform - not limited to PCs
> or
> just Windows ...
> ...
> Together with the BIOS, the TPM forms a Root of Trust: ...
> ..."
>
> 3. DRM; Software Licensing.
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Other uses and concerns
> Almost any encryption-enabled application can in theory make use of a
> TPM,
> including:
> Digital rights management
> Software license protection & enforcement
> ..."
>
>> ...
>
> JB
>
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
--
in your fear, seek only peace
in your fear, seek only love
-d. bowie
More information about the devel
mailing list