Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Tue Nov 20 23:41:56 UTC 2018


On Tue, Nov 20, 2018 at 09:17:59AM -0800, James Bottomley wrote:
> OK, the TPM is supposed to provide attestation of the correct
> environment on a device under someone else's control (the classic
> example is laptop provided by a company to an employee).  The device is
> under the physical control of the entity you don't entirely trust so
> the TPM is supposed to attest that they're running an approved OS ...
> we have whole TCG specs for that situation.

For me the classic scenario would be more like protecting an employee
to whom you have given confidential data from 3rd party adversaries.  If
an employee to whom you give confidential data is in fact an adversary,
you are screwed, even if the device is untampered.

Having a device that is less likely to be tampered with would still be a
step in the better direction against 3rd party adversaries, but alone
this does not really solve the puzzle.

There are technologies like ARM TZ and Intel SGX that provide a more
secure host side.  But if you have such technologies available, you can
use them to run the whole TPM and the problem is solved (at least TZ is
used for this today, and you could use SGX to do the same).

/Jarkko



More information about the Linux-security-module-archive mailing list