On Thu, Jun 23, 2011 at 7:30 PM, JB <jb.1234abcd(a)gmail.com> wrote:
Miloslav Trmač <mitr <at> volny.cz> writes:
>
> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd <at> gmail.com> wrote:
> ...
> > Will the TPM allow a third party remote access to the machine ?
> Absolutely not.
You are wrong here.
http://en.wikipedia.org/wiki/Trusted_Platform_Module
"...
Overview
... It also includes capabilities such as remote attestation ..."
"Remote attestation" doesn't mean "remote access" - after all, the
TPM
does not contain a network card and it cannot connect an Ethernet
cable to the socket in the wall :)
The TPM support for remote attestation amounts to "if the system was
measured as expected, produce a signature to that effect, and produce
a signature to other data the system has produced for this purpose"
("other data" being e.g. the result of an additional self-check of the
sistem). What TPM does is a purely local operation. Whether and how
this ends up on a remote system and whether and how is is used by the
remote system, is a matter of pure software that doesn't need the TPM
for anything else.
TPM doesn't "allow" a third party remote access any more than a CPU
that is strong enough to let you run ssh on it.
Mirek