Matthew Garrett ([personal profile] mjg59) wrote 2016-04-05 04:01 am (UTC)

Re: Confused

Yeah, this requires some form of remote attestation to handle the policy - you can't validate it locally. The quote from the TPM is signed with a key that chains back to the TPM's endorsement key (and the EK certificate certifies that it chains back to the TPM manufacturer) so it's not arbitrarily fakeable, and there's an embedded nonce that's provided by the system requesting the quote so you can't just replay old quotes.
(3 comments)

Post a comment in response:

If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.