I've helped deploy TPM-backed remote attestation at 4 different companies and it's the kind of day where people try to tell me I don't understand TPMs or remote attestation
@mjg59 I'm sure you do understand remote attestation (a huge lot better than I do anyway)
But your recent post doesn't mention it, and instead takes apart a weird argument that it's the TPM itself which does the decoding (rather than releasing the secret material that is then used for key negotiation / decoding). Whereas I was indeed expecting you to explain how this is tied in with remote attestation, and how evil (or not?) that is, and why FSF is wrong about that, if they are.
@bugaevc It's not tied in with remote attestation at all, no media streaming companies do that on PCs (and I'm unaware of *any* cases of remote attestation on PCs outside enterprise scenarios where they're having their own hardware attest to them)
@directhex @bugaevc I've, uh, had some conversations with people there and I'm not sure it's actually remote attestation rather than just looking like it
@directhex @bugaevc My (not verifiable) understanding is that they don't verify any of that, but do use the EK as an ID for denylisting
@mjg59 thanks
1. Is it just a matter of time before media streaming starts to require remote attestation via TPM? Or are there fundamental reasons why the companies don't actually want that? It seems attractive to verify & require that the device runs a stock, non-jailbroken version of iOS, for example.
@mjg59
2. Assuming the threat model is: someone with complete physical access to a laptop trying to fool remote attestation into falsely passing — is it true that it's possible to intercept on-board communications between the TPM and the other components (CPU? RAM?), and feed false data into the TPM (pretending to be running stock software) to get it to release the secret material?
@mjg59
3. If the answer to 2 is positive, does that rule out remote attestation as a security mechanism for "protecting" media?
I found https://lwn.net/Articles/894554/ where you do answer some related questions.
@bugaevc @mjg59 The whole TPM approach to this problem is just stupid and an excuse for putting cops in devices. The problem of physical access to backdoor or extract secret is fully solved by putting the secret in volatile storage that's destroyed on any physical tampering, and this handles cases TPM approaches fail to protect.
@bugaevc That's true, but also, if this started happening, someone would just start selling TPMs you plug in via USB for this purpose
@bugaevc No, it's (in this scenario) easily circumvented and adds no meaningful security. Remote attestation is most useful when you can bind keys to the same hardware as the attestation data, and that's not the case if you're decrypting on the GPU.
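As an added illustration of point 2 (feeding false measurements to the TPM over the board) and of the last reply (a quote only vouches for what the TPM was told), here is a toy model written for this edit. It is not code from anyone in the thread and not a real TPM interface: it assumes a single PCR with SHA-256 extends, an HMAC standing in for the attestation key signature over (nonce || PCR), and three constructed "components" (`STOCK`, `MODIFIED`) in place of real firmware and kernel images. The `bus_interposer` helper is a hypothetical attacker that rewrites the digests the CPU sends to the TPM.

```python
"""Toy measured boot + TPM quote (added illustration; assumptions noted inline).

Assumed model, not a real TPM: one PCR, SHA-256 extends, HMAC in place of the
attestation-key (AK) signature, constructed byte strings as boot components.
"""
import hashlib
import hmac
import os

PCR_INIT = bytes(32)


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: new = H(old || digest). Order matters; there is no 'set'."""
    return hashlib.sha256(pcr + digest).digest()


class SimTpm:
    """Minimal TPM stand-in. It only ever sees the digests handed to it."""

    def __init__(self, ak: bytes) -> None:
        self.pcr = PCR_INIT
        self._ak = ak  # attestation key; never leaves the (simulated) TPM

    def extend(self, digest: bytes) -> None:
        self.pcr = pcr_extend(self.pcr, digest)

    def quote(self, nonce: bytes) -> tuple[bytes, bytes]:
        """Signed statement 'PCR had this value when this nonce was presented'."""
        tag = hmac.new(self._ak, nonce + self.pcr, "sha256").digest()
        return self.pcr, tag


def measure(component: bytes) -> bytes:
    return hashlib.sha256(component).digest()


def measured_boot(tpm: SimTpm, components: list[bytes], on_bus=None) -> None:
    """Firmware measures each component and sends the digest to the TPM.

    `on_bus` models an interposer on the board that can rewrite what the TPM
    receives; the TPM cannot tell a replayed digest from a real one.
    """
    for component in components:
        digest = measure(component)
        if on_bus is not None:
            digest = on_bus(digest)
        tpm.extend(digest)


def expected_pcr(components: list[bytes]) -> bytes:
    """What the verifier computes as the 'golden' value for a stock boot."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, measure(component))
    return pcr


def verify_quote(ak: bytes, nonce: bytes, pcr: bytes, tag: bytes, golden: bytes) -> bool:
    """Verifier side: fresh nonce, valid signature, PCR equals the golden value."""
    expected_tag = hmac.new(ak, nonce + pcr, "sha256").digest()
    return hmac.compare_digest(expected_tag, tag) and hmac.compare_digest(pcr, golden)


# Constructed sample components (not real images).
STOCK = [b"stock-firmware", b"stock-bootloader", b"stock-kernel"]
MODIFIED = [b"stock-firmware", b"stock-bootloader", b"patched-kernel"]
GOLDEN = expected_pcr(STOCK)


def attest(components: list[bytes], on_bus=None) -> bool:
    """Run one boot + quote + verify round; returns whether attestation passes."""
    ak = os.urandom(32)  # in reality the verifier holds the AK public half
    tpm = SimTpm(ak)
    measured_boot(tpm, components, on_bus)
    nonce = os.urandom(16)
    pcr, tag = tpm.quote(nonce)
    return verify_quote(ak, nonce, pcr, tag, GOLDEN)


def bus_interposer(stock_digests: list[bytes]):
    """Hypothetical attacker with board access: replays the stock digest
    sequence to the TPM regardless of what actually ran on the CPU."""
    replay = iter(stock_digests)
    return lambda _real_digest: next(replay)


def demo() -> tuple[bool, bool, bool]:
    honest = attest(STOCK)                       # stock boot: passes
    tampered = attest(MODIFIED)                  # modified kernel, honest bus: fails
    replayed = attest(MODIFIED, bus_interposer([measure(c) for c in STOCK]))  # passes
    return honest, tampered, replayed


if __name__ == "__main__":
    print(demo())
```

The third case is the point of the thread: the quote's signature is perfectly valid, because the TPM faithfully signed the PCR value it was given; the verifier has no way to learn that the digests came from an interposer rather than from the firmware's own measurements. Anything the TPM releases on the strength of that PCR state (a sealed key, for instance) then crosses the same bus on its way to the CPU or GPU, which is why the last reply says attestation without keys bound to the same hardware that does the decrypting adds little.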