I thought the point of TPMs was to hold secrets and reveal or use them only when the stars were aligned the PCRs had the right values. But you seem to be talking about policies running on the host that verify an earlier component by checking the PCRs, and I thought the whole point was you can't verify an earlier component except through whether the TPM gives up its secrets or not.
As for remote attestation - so far as I can see, there's nothing to stop a rogue system from calculating the 'right' hash and reporting that.
Confused
the stars were alignedthe PCRs had the right values. But you seem to be talking about policies running on the host that verify an earlier component by checking the PCRs, and I thought the whole point was you can't verify an earlier component except through whether the TPM gives up its secrets or not.As for remote attestation - so far as I can see, there's nothing to stop a rogue system from calculating the 'right' hash and reporting that.
What am I missing?