trusted-computing

Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running using DRTM or SRTM? If yes then How? Theoretically: yes. The concept is called remote attestation. The basic idea is: First you have a sound chain of trust built on your platform, like: BIOS ==> Boot loader ==> OS ==> Applications The resulting measurements are stored in the PCRs. Now you can let the TPM sign this set of PCRs, that's called quote . You can submit this quote to a remote entity. Here the problems start: How can you proof that the quote was

How can I encrypt bytes using a machine's TPM module? CryptProtectData Windows provides a (relatively) simple API to encrypt a blob using the CryptProtectData API, which we can wrap an easy to use function: public Byte[] ProtectBytes(Byte[] plaintext) { //... } The details of ProtectBytes are less important than the idea that you can use it quite easily: here are the bytes I want encrypted by a secret key held in the System give me back the encrypted blob The returned blob is an undocumented documentation structure that contains everything needed to decrypt and return the original data (hash

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted software under Linux? I have read the work of van Doom et al. , Design and implementation of signed executables for Linux , and the IBM's TLC (Trusted Linux Client) by Safford & Zohar. TLC uses TPM controller, what is nice, but the paper is from 2005 and I was unable to find current alternatives. Do you know another options? UPDATE : And about other OS's? OpenSolaris? BSD family? The DigSig kernel