Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)

[Kuniyasu Suzaki <k.suzaki@aist.go.jp>]

 >>From: Andrew Sackville-West <andrew@farwestbilliards.com>
 >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
 >>
 >>On Tue, Feb 12, 2008 at 10:11:39PM +0900, Kuniyasu Suzaki wrote:
 >>> 
 >>>  >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
 >>>  >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
 >>...
 >>>  >>
 >>>  >>Your disk image is shipped with a kernel image that has a nice root
 >>>  >>exploit (vmpslice). Yeah, I know, bad luck. What impact does it have on
 >>>  >>your guarantees?
 >>>  >>What impact do your guarantees have on exploitations of that hole?
 >>> 
 >>> Yes, TC-Geeks KNOPPIX can not update but it is good example that we
 >>> need a remote attestation to check vulnerability. :-)
 >>> 
 >>> We need to check the kernel at the bootloader stage and keep the chain
 >>> of trust. 
 >>
 >>So it sounds like you're combining this trusted boot thing with
 >>contact with a server somewhere and two together are supposed to
 >>validate the system at boot time, right? 

Yes. It is defined as "Platform Trust Services" by Trusted Computing Group.
   https://www.trustedcomputinggroup.org/specs/IWG/IF-PTS_v1.0.pdf

 >>How does the system behave when the authentication server is down? How do you deal
 >>with a compromised authentication server? 

Client takes vulnerability check only. There is no action on the client.

 >>just curious about these things...
 >>
 >>A

Trusted Computing is new concept and has some curious point.

------
suzaki