Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
>>From: Andrew Sackville-West <andrew@farwestbilliards.com>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
>>
>>On Tue, Feb 12, 2008 at 10:11:39PM +0900, Kuniyasu Suzaki wrote:
>>>
>>> >>From: Tzafrir Cohen <tzafrir@cohens.org.il>
>>> >>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Compuintg Geeks (v1.0)
>>...
>>> >>
>>> >>Your disk image is shipped with a kernel image that has a nice root
>>> >>exploit (vmpslice). Yeah, I know, bad luck. What impact does it have on
>>> >>your guarantees?
>>> >>What impact do your guarantees have on exploitations of that hole?
>>>
>>> Yes, TC-Geeks KNOPPIX can not update but it is good example that we
>>> need a remote attestation to check vulnerability. :-)
>>>
>>> We need to check the kernel at the bootloader stage and keep the chain
>>> of trust.
>>
>>So it sounds like you're combining this trusted boot thing with
>>contact with a server somewhere and two together are supposed to
>>validate the system at boot time, right?
Yes. It is defined as "Platform Trust Services" by Trusted Computing Group.
https://www.trustedcomputinggroup.org/specs/IWG/IF-PTS_v1.0.pdf
>>How does the system behave when the authentication server is down? How do you deal
>>with a compromised authentication server?
Client takes vulnerability check only. There is no action on the client.
>>just curious about these things...
>>
>>A
Trusted Computing is new concept and has some curious point.
------
suzaki
Reply to: