Date: 2016-04-05 01:46 am (UTC)
I thought the point of TPMs was to hold secrets and reveal or use them only when the stars were aligned the PCRs had the right values. But you seem to be talking about policies running on the host that verify an earlier component by checking the PCRs, and I thought the whole point was you can't verify an earlier component except through whether the TPM gives up its secrets or not.

As for remote attestation - so far as I can see, there's nothing to stop a rogue system from calculating the 'right' hash and reporting that.

What am I missing?
Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags