[linux-elitists] Monday 15 Dec: first all-Open Source System-on-Chip

Peter Clay pete@flatline.org.uk
Fri Dec 12 03:41:52 PST 2003

On Thu, 11 Dec 2003, Seth David Schoen wrote:

> Therefore, the _availability_ of a valid encryption or decryption key
> inside the TPM -- to make an unseal operation work properly -- depends
> on what software is really running.  You can have many different
> operating environments installed on a single PC -- differing by a
> little or a while -- and in principle they cannot unseal one another's
> sealed data at all, because each one has its own family of PCR values
> that results when it's booted.

My understanding of this is that it renders the core code (that subject to
PCR hashing) unpatchable, because if you ever change it you lose all your
secured data.

> The trusted computing applets are not supposed to have direct access
> to any hardware

I find that surprising, as it renders them kind of useless for
"protecting" audio. Do you know how this relates to the "Secure Audio
Path" idea which was big last year?

The "trusted worm" idea appeals to me; I've been kicking various versions
of it around on mailing lists for a while now. Until I see a NGSCB machine
I don't know exactly how it will work. Even if you can't create your own
secure area, it should be possible to exploit someone else's, e.g. by
buffer overrunning Windows Media Player. That would let you use its Super
Sekrit Music Vault (or whatever) to store stuff where the user can't get
at it.

The proposed Office document encryption and revocation features sound like
fun. It could be the great extortion opportunity of the future - "We've
taken all your document master keys. Send us $1000 if you ever want to see
them again."

Peter Clay                                         | Campaign for   _  _| .__
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://www.ukcdr.org

More information about the linux-elitists mailing list