On Fri, Jun 24, 2011 at 11:01 AM, Camilo Mesias <camilo(a)mesias.co.uk> wrote:
> I don't know how a networked system using the technology could be
> differentiated from an (insecure) software simulation of the same from a
> remote viewer's perspective.

The attestation is signed by a key that cannot be extracted from the TPM.

> Also I don't see how it would be used in the world of servers where
> virtualisation is the way the world is going.

I suppose one would have to first authenticate the hypervisor, and then
rely on it to help authenticate the guests.

> I can imagine some limited application in an appliance, but only if the
> system was end-to-end secured, with a trusted kernel that only runs
> signed binaries and those binaries only running signed plugins, for
> example to play content locked material. While that is something that
> could feasibly be built with open source software, it's not something I
> imagine most users would be interested in.

An oVirt node (a tiny-footprint hypervisor appliance) fits this
description exactly.

Mirek
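The exchange the reply above sketches, as an added example that is not code from this thread or from oVirt: a verifier challenges a node, the node returns a quote over its PCR value signed with its attestation key, and the verifier checks that signature against the public key it already trusts. That check is what separates a real TPM from a software simulation: the simulation can report the right PCR value but cannot sign with a key that never left the chip. Assumptions of this model: an in-process ECDSA P-256 key stands in for the TPM-resident attestation key, the boot measurements and golden PCR value are constructed, the quote digest layout is sha256(nonce || pcr) rather than the TPM wire format, and the names ExtendPCR, Attest, VerifyQuote and Scenario are chosen here. The nonce check goes slightly beyond the thread; it is the standard freshness guard that stops an old honest quote from being replayed.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote is the attester's signed statement: "my PCR held this value when
// challenged with this nonce". Constructed model, not the TPM wire format.
type Quote struct {
	PCR   []byte
	Nonce []byte
	Sig   []byte // ASN.1 ECDSA signature over sha256(nonce || pcr)
}

// ExtendPCR models the TPM extend operation: a register only moves forward
// by hashing its old value with a new measurement, so the final value
// commits to the whole ordered sequence of measurements.
func ExtendPCR(pcr, measurement []byte) []byte {
	h := sha256.New()
	h.Write(pcr)
	h.Write(measurement)
	return h.Sum(nil)
}

func quoteDigest(nonce, pcr []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(pcr)
	return h.Sum(nil)
}

// Attest signs a quote with the attestation key. In hardware the private
// half lives inside the TPM; here an in-process key stands in (assumption).
func Attest(key *ecdsa.PrivateKey, pcr, nonce []byte) (Quote, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, key, quoteDigest(nonce, pcr))
	if err != nil {
		return Quote{}, err
	}
	return Quote{PCR: pcr, Nonce: nonce, Sig: sig}, nil
}

// VerifyQuote is the remote viewer's side: the signature must verify under
// the public key enrolled out of band (a simulation cannot forge this), the
// nonce must be the one just issued (no replay), and the PCR must match the
// expected software state.
func VerifyQuote(trusted *ecdsa.PublicKey, goldenPCR, nonce []byte, q Quote) error {
	if !ecdsa.VerifyASN1(trusted, quoteDigest(q.Nonce, q.PCR), q.Sig) {
		return errors.New("signature not from the trusted attestation key")
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !bytes.Equal(q.PCR, goldenPCR) {
		return errors.New("PCR does not match expected software state")
	}
	return nil
}

func newNonce() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Scenario runs three exchanges and reports which the verifier accepts:
// a genuine node, a software impostor that reports the golden PCR value
// but signs with its own key, and a replay of an earlier genuine quote.
func Scenario() (genuine, impostor, replay bool) {
	// Constructed boot measurements; golden is what a correctly booted node reports.
	pcr := make([]byte, 32) // PCRs start zeroed at reset
	for _, m := range [][]byte{[]byte("bootloader"), []byte("kernel"), []byte("initrd")} {
		pcr = ExtendPCR(pcr, m)
	}
	golden := pcr

	tpmKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	fakeKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	trusted := &tpmKey.PublicKey // enrolled out of band, e.g. via the TPM's certificate chain

	n1 := newNonce() // 1. genuine node
	q1, _ := Attest(tpmKey, golden, n1)
	genuine = VerifyQuote(trusted, golden, n1, q1) == nil

	n2 := newNonce() // 2. simulation: right PCR value, wrong key
	q2, _ := Attest(fakeKey, golden, n2)
	impostor = VerifyQuote(trusted, golden, n2, q2) == nil

	n3 := newNonce() // 3. replay of the honest quote q1 against a fresh challenge
	replay = VerifyQuote(trusted, golden, n3, q1) == nil
	return
}

func main() {
	g, i, r := Scenario()
	fmt.Printf("genuine accepted: %v\nimpostor accepted: %v\nreplay accepted: %v\n", g, i, r)
}
```

The ordering of checks in VerifyQuote matters in practice: the signature is checked before anything else, because a PCR value or nonce from an unauthenticated quote tells the verifier nothing. For the hypervisor-then-guests arrangement in the reply, the same VerifyQuote step would run once against the host's TPM and then against whatever key the attested hypervisor presents for each guest.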