[PATCH v4 0/7] add integrity and security to TPM2 transactions

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Wed Oct 24 00:06:42 UTC 2018


On Mon, 22 Oct 2018, Ken Goldman wrote:
> Does this design assume that there was at time zero no monitoring?
> This would permit some shared secret to be established.
>
> Or does it assume that the interception may have been present from
> the first boot?  If so, how is the first shared secret established.
> Salting using the EK is the usual method, but this requires walking the EK
> certificate chain and embedding the TPM vendor CA certificates in the kernel.

Kernel gets the public portion of the EK and uses its own key pair on its own
end so everything should be good, right?

/Jarkko
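The exchange above turns on how the first shared secret is bootstrapped: Ken notes that salting with the EK only helps if the kernel can walk the EK certificate chain to an embedded TPM vendor CA certificate. The following added example (not code from the thread or from the patch set) shows that check in userspace Go with a constructed two-level chain: a self-signed "vendor CA" and an EK certificate signed by it. All names, keys and lifetimes are constructed for the example; the point it demonstrates is that once the vendor root is pinned, an EK certificate from an unknown issuer is rejected even though it is internally consistent.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a constructed two-level EK chain: a self-signed "vendor CA" and an
// EK certificate it signed. Both are generated in memory for this example.
type Chain struct {
	VendorCA *x509.Certificate
	EK       *x509.Certificate
}

// signCert builds a certificate from tmpl. With parent == nil the certificate
// is self-signed; otherwise it is issued by parent and signed with signer.
func signCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain constructs a vendor CA named caName and an EK certificate under it.
// caName is a constructed label, not a real vendor.
func BuildChain(caName string) (*Chain, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, err := signCert(caTmpl, nil, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	// The EK key pair; on a real TPM the private half never leaves the chip.
	ekKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ekTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "constructed EK certificate"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	ek, err := signCert(ekTmpl, ca, &ekKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &Chain{VendorCA: ca, EK: ek}, nil
}

// VerifyEK accepts an EK certificate only if it chains to one of the pinned
// vendor roots. A chain rooted in any other CA, however well-formed, fails.
func VerifyEK(ek *x509.Certificate, trustedRoots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range trustedRoots {
		pool.AddCert(r)
	}
	_, err := ek.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	vendor, err := BuildChain("Constructed TPM Vendor CA")
	if err != nil {
		panic(err)
	}
	rogue, err := BuildChain("Constructed Interposer CA")
	if err != nil {
		panic(err)
	}
	fmt.Println("EK under pinned vendor root:", VerifyEK(vendor.EK, vendor.VendorCA))
	fmt.Println("EK under unknown root:      ", VerifyEK(rogue.EK, vendor.VendorCA))
}
```

The second call fails with an "unknown authority" error: that is the property the embedded vendor CA set buys. Without it, an EK public key presented at first boot could belong to anything in the path between the kernel and the TPM, and salting the session with it would establish a secret with the wrong party.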
