On Sat, 3 Aug 2002, AARG! Anonymous wrote:
The TPM public key is called the Endorsement key - this is the key which is signed by the manufacturer and which proves that the TPM is a valid implementation of TCPA. Here is what section 9.2 of the TCPA spec says about it:
: A TPM only has one asymmetric endorsement key pair. Due to the nature of this key pair, both the public and private parts of the key have privacy and security concerns.
:
: Exporting the PRIVEK from the TPM must not occur. This is for security reasons. The PRIVEK is a decryption key and never performs any signature operations.
:
: Exporting the public PUBEK from the TPM under controlled circumstances is allowable. Access to the PUBEK must be restricted to entities that have a "need to know." This is for privacy reasons.
And in another message:

I said:
=> In other words, the manufacturer has access to all your data because
=> they have the master storage key.
=>
=> Why would everyone want to give one manufacturer that much power?

AARGH! said:
It's not quite that bad. I mentioned the blinding. What happens is that before the master storage key is encrypted, it is XOR'd with a random value, which is also output by the TPM along with the encrypted recovery blob. You save them both, but only the encrypted blob gets sent to the manufacturer. So when the manufacturer decrypts the data, he doesn't learn your secrets.
The system is cumbersome, but not an obvious security leak.
Who owns PRIVEK? Who controls PRIVEK? That's who owns TCPA.

And then there was this comment in yet another message:
In addition, we assume that programs are able to run "unmolested"; that is, that other software and even the user cannot peek into the program's memory and manipulate it or learn its secrets. Palladium has a feature called "trusted space" which is supposed to be some special memory that is immune from being compromised. We also assume that all data sent between computers is encrypted using something like SSL, with the secret keys being held securely by the client software (hence unavailable to anyone else, including the users).
Just how "immune" is this program space? Does the operator/owner of the machine control it, or does the owner of PRIVEK control it?

So the owner of PRIVEK can send a trojan into my machine and take it over anytime they want. Cool, kind of like the movie "Colossus" where a super computer takes over the world.

The more I learn about TCPA, the more I don't like it.

Patience, persistence, truth,
Dr. mike
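The blinding step quoted above, as an added example that is not part of the original message or of the TCPA spec: it shows what each party holds after the exchange. The textbook-RSA key, the 16-byte storage key and all function names are constructed stand-ins, since the message does not say which cipher or key sizes are used.

```python
import secrets

# Toy textbook-RSA key pair standing in for the manufacturer's key
# (constructed from two Mersenne primes; insecure, for illustration only).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # manufacturer's private exponent

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tpm_make_recovery(storage_key: bytes, pad: bytes = None):
    """TPM side: XOR the key with a random pad, then encrypt the blinded
    value to the manufacturer. The owner keeps pad and blob; only the
    blob is sent out."""
    if pad is None:
        pad = secrets.token_bytes(len(storage_key))
    blinded = xor(storage_key, pad)
    blob = pow(int.from_bytes(blinded, "big"), E, N)
    return pad, blob

def manufacturer_decrypt(blob: int, length: int) -> bytes:
    """Manufacturer side: decryption yields only the blinded value."""
    return pow(blob, D, N).to_bytes(length, "big")

def owner_unblind(blinded: bytes, pad: bytes) -> bytes:
    """Owner side: the saved pad turns the blinded value back into the key."""
    return xor(blinded, pad)

def pad_explaining(seen: bytes, guessed_key: bytes) -> bytes:
    """For ANY guessed key there is a pad consistent with what the
    manufacturer saw, so the decrypted value alone rules nothing out."""
    return xor(seen, guessed_key)

if __name__ == "__main__":
    key = secrets.token_bytes(16)            # constructed sample key
    pad, blob = tpm_make_recovery(key)
    seen = manufacturer_decrypt(blob, 16)
    print("manufacturer sees:", seen.hex())
    print("owner recovers key:", owner_unblind(seen, pad) == key)
    wrong = bytes(16)                        # an arbitrary wrong guess
    print("wrong guess still fits:",
          xor(wrong, pad_explaining(seen, wrong)) == seen)
```

The protection rests entirely on the pad staying with the owner: anyone who obtains both the pad and the decrypted blob recovers the key.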