On Thu, 2005-02-03 at 22:25 +0100, Anonymous wrote:
> The manufacturer issues a certificate on the public part of the EK, called the PUBEK. This key is then used (in a somewhat roundabout manner) to issue signed statements which attest to the software state of the machine. These attestations are what allow a remote server to know if you are running a client software configuration which the server finds acceptable, allowing the server to refuse service to you if it doesn't like what you're running. And this is the foundation for DRM.
Isn't it possible to emulate the TCPA chip in software, using one's own RSA key, and thus signing whatever you damn well please with it instead of whatever the chip wants to sign? So in reality, as far as remote attestation goes, it's only as secure as the software driver used to talk to the TCPA chip, right?

--
Shawn K. Quinn <skquinn@speakeasy.net>