>>From: Andrew Sackville-West <[EMAIL PROTECTED]>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>
>>On Tue, Feb 12, 2008 at 10:11:39PM +0900, Kuniyasu Suzaki wrote:
>>>
>>> >>From: Tzafrir Cohen <[EMAIL PROTECTED]>
>>> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>...
>>> >>
>>> >>Your disk image is shipped with a kernel image that has a nice root
>>> >>exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
>>> >>your guarantees?
>>> >>What impact do your guarantees have on exploitations of that hole?
>>>
>>> Yes, TC-Geeks KNOPPIX cannot update, but it is a good example that we
>>> need a remote attestation to check vulnerability. :-)
>>>
>>> We need to check the kernel at the bootloader stage and keep the chain
>>> of trust.
>>
>>So it sounds like you're combining this trusted boot thing with
>>contact with a server somewhere and the two together are supposed to
>>validate the system at boot time, right?

Yes. It is defined as "Platform Trust Services" by the Trusted Computing Group.
https://www.trustedcomputinggroup.org/specs/IWG/IF-PTS_v1.0.pdf

>>How does the system behave when the authentication server is down? How do
>>you deal with a compromised authentication server?

The client takes a vulnerability check only. There is no action on the client.

>>just curious about these things...
>>
>>A

Trusted Computing is a new concept and has some curious points.

------
suzaki
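
The check discussed in this thread, as an added example that is not part of the original message or of TC-Geeks KNOPPIX: a client measures each boot stage into a PCR-style register, and a verifier replays the measurement log and reports components whose digests are known to be vulnerable, taking no action on the client. The SHA-1 extend rule follows TPM 1.2; the function names, the sample images and the vulnerable-digest set are assumptions constructed for illustration, and the TPM-signed quote that would carry the PCR value is left out.

```python
import hashlib

PCR_INIT = bytes(20)  # a SHA-1 PCR starts as 20 zero bytes

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, taken before it is executed."""
    return hashlib.sha1(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 style extend: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + digest).digest()

def boot(components):
    """Client side: measure every stage in order, log it, extend the PCR."""
    pcr, log = PCR_INIT, []
    for name, blob in components:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def verify(reported_pcr, log, known_vulnerable):
    """Verifier side: replay the log, then look each digest up.

    Returns (log_consistent, names_of_vulnerable_components).
    The result is a report only; nothing is changed on the client.
    """
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        return False, []  # log does not match the PCR, so trust none of it
    return True, [name for name, digest in log if digest in known_vulnerable]

# Constructed sample data (not real images or real digests).
BOOTLOADER = b"constructed-bootloader-image"
KERNEL_OLD = b"constructed-kernel-with-known-root-exploit"
KERNEL_FIXED = b"constructed-kernel-patched"
KNOWN_VULNERABLE = {measure(KERNEL_OLD)}

if __name__ == "__main__":
    pcr, log = boot([("bootloader", BOOTLOADER), ("kernel", KERNEL_OLD)])
    print(verify(pcr, log, KNOWN_VULNERABLE))
    # A log edited to claim the patched kernel no longer replays to the PCR.
    forged = [log[0], ("kernel", measure(KERNEL_FIXED))]
    print(verify(pcr, forged, KNOWN_VULNERABLE))
```
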