Dell to Add Security Chip to PCs
Eric Murray
ericm at lne.com
Fri Feb 4 06:28:33 PST 2005
On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote:
> Isn't it possible to emulate the TCPA chip in software, using one's own
> RSA key, and thus signing whatever you damn well please with it instead
> of whatever the chip wants to sign? So in reality, as far as remote
> attestation goes, it's only as secure as the software driver used to
> talk to the TCPA chip, right?
The TCPA chip verifies the (signature on the) BIOS and the OS.
So the software driver is the one that's trusted by the TCPA chip.
Plus the private key is kept in the chip, so it can't
be read by your emulator. If your emulator picks its own key pair
then its attesations will be detected as invalid by a
relying party that's using the real TCPA public keys.
Eric
More information about the cypherpunks-legacy
mailing list