Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>From: Andrew Sackville-West <firstname.lastname@example.org>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>On Tue, Feb 12, 2008 at 10:11:39PM +0900, Kuniyasu Suzaki wrote:
>>> >>From: Tzafrir Cohen <email@example.com>
>>> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
>>> >>Your disk image is shipped with a kernel image that has a nice root
>>> >>exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
>>> >>your guarantees?
>>> >>What impact do your guarantees have on exploitations of that hole?
>>> Yes, TC-Geeks KNOPPIX cannot update, but it is a good example that we
>>> need remote attestation to check vulnerability. :-)
>>> We need to check the kernel at the bootloader stage and keep the chain
>>> of trust.
>>So it sounds like you're combining this trusted boot thing with
>>contact with a server somewhere and the two together are supposed to
>>validate the system at boot time, right?
Yes. It is defined as "Platform Trust Services" by the Trusted Computing Group.
>>How does the system behave when the authentication server is down? How do you deal
>>with a compromised authentication server?
The client takes the vulnerability check only. There is no action on the client.
>>just curious about these things...
Trusted Computing is a new concept and has some curious points.
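
The check discussed in this thread, as an added example that is not part of the original messages or of the KNOPPIX release: a bootloader measures each boot component into a TPM 1.2-style SHA-1 PCR, and a verifier replays the measurement log and reports components whose digest it knows to be vulnerable, without taking any action on the client. The component names, byte strings and the digest database are constructed for illustration, and the signed TPM quote and nonce of a real attestation are left out.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure_boot(components):
    """Bootloader side: hash each component in load order, log it, extend the PCR."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        digest = hashlib.sha1(blob).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def verify(reported_pcr, log, vulnerable_digests):
    """Verifier side: replay the log, then look each digest up.
    Returns (log_is_consistent, names of components known to be vulnerable).
    Assumption: reported_pcr arrived in a TPM-signed quote (not modelled here)."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        return False, []  # log does not replay to the PCR: chain of trust broken
    return True, [name for name, digest in log if digest in vulnerable_digests]


# Constructed sample data: stand-in byte strings, not real boot images.
BOOT = [("bootloader-stage2", b"constructed stage2 image"),
        ("kernel", b"constructed kernel image with the root hole"),
        ("initrd", b"constructed initrd image")]
# Hypothetical verifier database holding digests of kernels with known holes.
VULNERABLE = {hashlib.sha1(BOOT[1][1]).digest()}


def demo():
    pcr, log = measure_boot(BOOT)
    honest = verify(pcr, log, VULNERABLE)
    # A log edited to hide the kernel no longer replays to the reported PCR.
    forged = [log[0], ("kernel", hashlib.sha1(b"patched kernel").digest()), log[2]]
    return honest, verify(pcr, forged, VULNERABLE)


if __name__ == "__main__":
    print(demo())
```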