Robert Millan wrote:
> On Fri, Feb 20, 2009 at 03:03:04AM +0200, Alex Besogonov wrote:
>> On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz <janals...@student.ethz.ch> wrote:
>> [skip]
>>> The TPM can prove to another party that the PCRs have certain values (of
>>> course the communication needs to be established by normal software running
>>> on the machine)
>> Yes, I'm trying to do remote attestation.
>
> You're confusing things.  I think you simply want to ensure data integrity,
> and the TPM doesn't even do that: it simply puts the problem in hands of a
> third party.
>
> "remote attestation" is only useful when you want to coerce others into
> running your (generally proprietary) software.  I hope this is not what you
> want to do.

Yes, this is exactly what he tries to do: convince his keyserver that the requesting server runs what it's supposed to.
Which is exactly remote attestation, just in this case he controls both sides, which I think makes it an interesting use of the technology.

>>>> First, I don't think it's possible to implement SHA-1 hashing in MBR -
>>>> there's probably just not enough space left in 512-byte code segment
>>>> for that.
>>> I am very sure of that.
>> Well, I spoke to phcoder on Jabber - there might be a way to do this.
>> He's going to investigate it.
>
> This is unnecessary.  Once GRUB supports crypto, it can simply load
> itself from an encrypted filesystem on disk.  An image can be of
> arbitrary size.

Ok, but where does it get the key from?
And how can wherever the key comes from be sure that it's talking to GRUB?

Greets,
Jan
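
The keyserver check discussed in this message (release the disk key only when the reported PCR value matches the expected boot chain), as an added example that is not part of the original message or of GRUB. The names `KeyServer`, `measure_boot`, `tpm_quote`, `request_key` and `AIK` are hypothetical, the boot components are constructed, and an HMAC stands in for the asymmetric signature a real TPM would put on a quote.

```python
import hashlib, hmac, os

# Constructed stand-in for the TPM's attestation key. A real TPM signs quotes
# with an asymmetric key that never leaves the chip; HMAC keeps this offline.
AIK = b"constructed-demo-attestation-key"

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 style extend: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one 20-byte PCR value."""
    pcr = b"\x00" * 20  # PCR contents after platform reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def tpm_quote(pcr: bytes, nonce: bytes) -> bytes:
    """Simulated quote binding the PCR value to the verifier's nonce."""
    return hmac.new(AIK, pcr + nonce, hashlib.sha1).digest()

class KeyServer:
    def __init__(self, expected_pcr: bytes, disk_key: bytes):
        self.expected_pcr, self.disk_key, self.nonce = expected_pcr, disk_key, None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(20)  # fresh per request, defeats replayed quotes
        return self.nonce

    def release_key(self, pcr: bytes, quote: bytes):
        nonce, self.nonce = self.nonce, None  # each nonce is single use
        if nonce is None:
            return None
        sig_ok = hmac.compare_digest(quote, tpm_quote(pcr, nonce))
        pcr_ok = hmac.compare_digest(pcr, self.expected_pcr)
        return self.disk_key if sig_ok and pcr_ok else None

def request_key(server: KeyServer, components):
    """Booting machine's side: get a nonce, quote the current PCR, ask for the key."""
    pcr = measure_boot(components)
    return server.release_key(pcr, tpm_quote(pcr, server.challenge()))

if __name__ == "__main__":
    good = [b"boot sector (constructed)", b"GRUB core (constructed)", b"kernel (constructed)"]
    server = KeyServer(measure_boot(good), b"constructed-disk-key")
    print(request_key(server, good))                             # key released
    print(request_key(server, [good[0], b"patched", good[2]]))   # None
```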