Re: [PATCH 2 of 4] ima: related Makefile compile order change and Readme

From: Valdis . Kletnieks
Date: Sun May 22 2005 - 23:54:26 EST


On Mon, 23 May 2005 00:30:15 EDT, James Morris said:

> Perhaps I don't understand things fully, but what is the purpose of
> providing measurement values locally via proc?
>
> How can they be trusted without the TPM signing an externally generated
> nonce?

If you can't trust what the kernel is outputting in /proc, you're screwed.

And for that matter, how would you verify that it's the TPM that signed the
externally generated nonce? (Remember - if you can't trust /proc, then you
have to assume that *any* attempt at talking to the TPM from userspace *is*
a MITM attack - and you don't have access to any out-of-band info. If the
now-untrusted kernel did a MITM on your nonce and signed it with a fake key,
then it can *also* MITM your attempt to read the "correct" key from /etc/tpm.key
or wherever it is....)
