Trusted Boot in Fedora

Miloslav Trmač mitr at
Thu Jun 23 19:10:53 UTC 2011

On Thu, Jun 23, 2011 at 7:30 PM, JB <jb.1234abcd at> wrote:
> Miloslav Trmač <mitr <at>> writes:
>> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at>> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
> You are wrong here.
> "...
> Overview
> ... It also includes capabilities such as remote attestation ..."

"Remote attestation" doesn't mean "remote access" - after all, the TPM
does not contain a network card and it cannot connect an Ethernet
cable to the socket in the wall :)

The TPM support for remote attestation amounts to "if the system was
measured as expected, produce a signature to that effect, and produce
a signature to other data the system has produced for this purpose"
("other data" being e.g. the result of an additional self-check of the
sistem).  What TPM does is a purely local operation.  Whether and how
this ends up on a remote system and whether and how is is used by the
remote system, is a matter of pure software that doesn't need the TPM
for anything else.

TPM doesn't "allow" a third party remote access any more than a CPU
that is strong enough to let you run ssh on it.

More information about the devel mailing list