Oh, sorry, I see the scenario you're describing now (the GPU establishes a communication session with the TPM that's opaque to the OS) - the easy way around that would just be to fake a TPM, unless the GPU itself is going to have a database of every legitimate EK cert CA, which would mean this would stop working if the GPU were plugged into a machine with too new a TPM.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
Date: 2025-01-02 06:17 am (UTC)