Good article to show people thinking about switching away from M$.
Michael Halcrow
mike at halcrow.us
Sun May 7 14:06:03 MDT 2006
On Sun, May 07, 2006 at 05:35:32PM +0000, Jason Holt wrote:
> I've never been able to nail down a case of a non-evil use of this
> technology that couldn't be done purely in software or with a much
> simpler piece of hardware. Could you describe one or two, please?
> (And as to naming, you have to admit that they've come up with a
> bewildering number of terms for everyone to keep straight.)
One use I have in mind involves protecting the key that is used to
encrypt the contents of a device, wherein the data on that device
should only be accessible on a certain host or set of hosts running a
particular operating environment. The TPM can be configured to only
"release" a key if the machine is attested with a certain stack
(bootloader, kernel, modules, etc.). If an attacker gets a hold of the
storage device and the passphrase, he still cannot decrypt the
contents without being at the machine, and the machine must be booted
through a trusted chain in order for the key to be released -- meaning
that the authentication mechanism enforced in that operating
environment also protects the data.
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
"To prohibit sharing software is to cut the bonds of society."
- Richard Stallman
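The sealing arrangement Mike describes, as a runnable software model added here (not code from the original thread or from any TPM stack). PCR extend follows the real TPM rule (new = H(old || measurement)); the policy digest, the chip-bound secret and the sealed blob are simplified stand-ins for the TPM's PCR-policy and seal operations, and every value is constructed.

```python
import hashlib
import hmac

def h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of parts."""
    return hashlib.sha256(b"".join(parts)).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Real TPM extend rule: a PCR can only be hashed forward, never set."""
    return h(pcr, measurement)

def measure_boot(components) -> bytes:
    """Each stage measures the next (bootloader, kernel, modules) into one PCR."""
    pcr = bytes(32)  # PCRs are all-zero after reset
    for _name, image in components:
        pcr = extend(pcr, h(image))
    return pcr

def pcr_policy(pcr_value: bytes) -> bytes:
    """Simplified stand-in for a TPM PCR policy: commits to one expected PCR value."""
    return h(b"PolicyPCR", pcr_value)

def seal(tpm_secret: bytes, policy: bytes, key: bytes) -> dict:
    """Wrap the disk key under a chip-bound secret and the policy digest (model)."""
    wrap = h(tpm_secret, policy)
    return {"policy": policy, "ct": bytes(a ^ b for a, b in zip(key, wrap))}

def unseal(tpm_secret: bytes, current_pcr: bytes, blob: dict):
    """Release the key only if the live PCR satisfies the sealed policy."""
    if not hmac.compare_digest(pcr_policy(current_pcr), blob["policy"]):
        return None  # wrong boot chain: the TPM refuses to release
    wrap = h(tpm_secret, blob["policy"])
    return bytes(a ^ b for a, b in zip(blob["ct"], wrap))

# Constructed sample values: a per-chip secret, a trusted boot chain, a disk key.
TPM_SECRET = h(b"constructed per-chip secret")
TRUSTED_CHAIN = [(b"bootloader", b"grub image"), (b"kernel", b"vmlinuz"), (b"modules", b"initrd")]
DISK_KEY = h(b"constructed disk key")
GOOD_PCR = measure_boot(TRUSTED_CHAIN)
BLOB = seal(TPM_SECRET, pcr_policy(GOOD_PCR), DISK_KEY)

def demo():
    """Same host and chain -> key; modified kernel -> refused; other host -> garbage."""
    ok = unseal(TPM_SECRET, measure_boot(TRUSTED_CHAIN), BLOB) == DISK_KEY
    tampered = [TRUSTED_CHAIN[0], (b"kernel", b"patched vmlinuz"), TRUSTED_CHAIN[2]]
    refused = unseal(TPM_SECRET, measure_boot(tampered), BLOB) is None
    stolen = unseal(h(b"constructed other chip"), GOOD_PCR, BLOB)  # disk + blob moved
    return ok, refused, stolen is not None and stolen != DISK_KEY
```

The third case is the one from the mail: with the storage device (and its blob) moved to another machine, even a matching PCR value yields nothing usable, because the wrapping secret never left the original chip.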