Trusted Boot in Fedora
Miloslav Trmač
mitr at volny.cz
Thu Jun 23 19:10:53 UTC 2011
On Thu, Jun 23, 2011 at 7:30 PM, JB <jb.1234abcd at gmail.com> wrote:
> Miloslav Trmač <mitr <at> volny.cz> writes:
>
>>
>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
>
> You are wrong here.
>
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Overview
> ... It also includes capabilities such as remote attestation ..."
"Remote attestation" doesn't mean "remote access" - after all, the TPM
does not contain a network card and it cannot connect an Ethernet
cable to the socket in the wall :)
The TPM support for remote attestation amounts to "if the system was
measured as expected, produce a signature to that effect, and produce
a signature to other data the system has produced for this purpose"
("other data" being e.g. the result of an additional self-check of the
sistem). What TPM does is a purely local operation. Whether and how
this ends up on a remote system and whether and how is is used by the
remote system, is a matter of pure software that doesn't need the TPM
for anything else.
TPM doesn't "allow" a third party remote access any more than a CPU
that is strong enough to let you run ssh on it.
Mirek
More information about the devel
mailing list