* Matthew Garrett (mj...@coreos.com) wrote:
> On Fri, Jul 15, 2016 at 4:29 AM, Dr. David Alan Gilbert wrote:
>
> > * Matthew Garrett (mj...@coreos.com) wrote:
> > a) (one that works) 'are all the VMs on my hosts running trusted OSs'
> > That works with this just as well as with a vTPM;
On Jul 18, 2016 17:46, "Stefan Berger" wrote:
>
>
> Matthew Garrett wrote on 07/18/2016 08:39:07 PM:
>
>
> >
> > On Jul 18, 2016 17:08, "Stefan Berger" wrote:
> > > The point of the TPM is that the device that holds the state of
> > the PCRs provides the signatures over their state rather than s
Matthew Garrett wrote on 07/18/2016 08:39:07 PM:
>
> On Jul 18, 2016 17:08, "Stefan Berger" wrote:
> > The point of the TPM is that the device that holds the state of
> the PCRs provides the signatures over their state rather than some
> other 'entity' whose trustworthiness wouldn't be clear
On Jul 18, 2016 17:08, "Stefan Berger" wrote:
> The point of the TPM is that the device that holds the state of the PCRs
provides the signatures over their state rather than some other 'entity'
whose trustworthiness wouldn't be clear. Admittedly the device comes with
its own set of challenges.
T
Matthew Garrett wrote on 07/18/2016 07:52:22 PM:
> Subject: Re: [Qemu-devel] [PATCH] hw/misc: Add simple measurement hardware
>
> On Mon, Jul 18, 2016 at 4:40 PM, Stefan Berger wrote:
> > The TPM security's model related to logs, the state of the PCRs, and
> >
Matthew Garrett wrote on 07/18/2016 05:26:03 PM:
>
> On Fri, Jul 15, 2016 at 11:11 AM, Stefan Berger wrote:
> >
> >
> > Typically the TPM is there for the reason: it is a hardware root
> of trust that signs the current state of the PCRs that were
> accumulated by measurements starting early
On Mon, Jul 18, 2016 at 4:40 PM, Stefan Berger wrote:
> The TPM security's model related to logs, the state of the PCRs, and
> attestation involves the following pieces:
>
> - PCRs
> - measurement log
> - EK + certificate
> - platform certificate
> - AIK + certificate
> - quotes (signatures) on PC
On Fri, Jul 15, 2016 at 11:11 AM, Stefan Berger wrote:
>
> Are you also providing a measurement log that goes along with these PCR
> extensions? Like a measurement log we have in the TCPA ACPI table? Just
> measurements without knowing what was measured wouldn't be all that helpful.
> Typically
On Fri, Jul 15, 2016 at 4:29 AM, Dr. David Alan Gilbert wrote:
> * Matthew Garrett (mj...@coreos.com) wrote:
> a) (one that works) 'are all the VMs on my hosts running trusted OSs'
> That works with this just as well as with a vTPM; you ask your
> hypervisor to
> give you the measu
"Dr. David Alan Gilbert" wrote on 07/15/2016 07:29:24 AM:
>
> * Matthew Garrett (mj...@coreos.com) wrote:
>
> Hi Matthew,
> (Ccing in Stefan who has been trying to get vTPM in for years and
> Paolo for any x86ism and especially the ACPIisms, and Daniel for
> crypto stuff)
>
> I'll repea
* Matthew Garrett (mj...@coreos.com) wrote:
Hi Matthew,
(Ccing in Stefan who has been trying to get vTPM in for years and
Paolo for any x86ism and especially the ACPIisms, and Daniel for crypto
stuff)
I'll repeat some of my comments from yesterday's irc chat so you can reply on
list.
So o
On Thu, Jul 14, 2016 at 11:54 PM, Daniel P. Berrange wrote:
> On Thu, Jun 23, 2016 at 04:36:59PM -0700, Matthew Garrett wrote:
> > In combination with work in SeaBIOS and the kernel, this permits a fully measured
> > boot in a virtualised environment without the overhead of a full TPM
> > imple
On Thu, Jun 23, 2016 at 04:36:59PM -0700, Matthew Garrett wrote:
> Trusted Boot is based around having a trusted store of measurement data and a
> secure communications channel between that store and an attestation target. In
> actual hardware, that's a TPM. Since the TPM can only be accessed via t
Any feedback on this?
Trusted Boot is based around having a trusted store of measurement data and a
secure communications channel between that store and an attestation target. In
actual hardware, that's a TPM. Since the TPM can only be accessed via the host
system, this in turn requires that the TPM be able to perform r