Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme
From: Valdis . Kletnieks
Date: Sun May 22 2005 - 23:54:26 EST
On Mon, 23 May 2005 00:30:15 EDT, James Morris said:
> Perhaps I don't understand things fully, but what is the purpose of
> providing measurement values locally via proc?
>
> How can they be trusted without the TPM signing an externally generated
> nonce?
If you can't trust what the kernel is outputting in /proc, you're screwed.
And for that matter, how would you verify that it's the TPM that signed the
externally generated nonce? (Remember - if you can't trust /proc, then you
have to assume that *any* attempt at talking to the TPM from userspace *is*
a MITM attack - and you don't have access to any out-of-band info. If the
now-untrusted kernel did a MITM on your nonce and signed it with a fake key,
then it can *also* MITM your attempt to read the "correct" key from /etc/tpm.key
or wherever it is....
Attachment:
pgp00000.pgp
Description: PGP signature