-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Statement on HW / SW TPM #591
Comments
tagging tpm folks @stefanberger @puiterwijk |
Yes, for software TPM you have to trust the underlying host and admin(s): https://github.com/stefanberger/swtpm/wiki#securitytrust-model-of-the-software-tpm |
I agree with the spirit of this change. "DO NOT USE" is too harsh. It's just different tradeoffs as it does provide protection against a lot of intrusion attacks, just not a malicious hypervisor. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 7 days if no further activity occurs. Thank you for your contributions. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 7 days if no further activity occurs. Thank you for your contributions. |
I think we could be a little less forceful in this view
A swtpm for sure does not provide the same level of guarantees as a HW tpm, however its still superior to something like AIDE. Someone could use a cloud providers swtpm (google cloud provide them). Granted, they are trusting the providers host then, but it could be argued as a step up from solely trusting the target node you're measuring. The host could still attack your target node, but it could also provide insight into another entity compromising the system (for example an attack within the target nodes userland like (reverse shell etc)).
I recommend we remove the 'DO NOT USE' and instead explain the situation in that the are different levels of guarantee:
3 is poorly worded , I agree and I am sure could be improved.
The text was updated successfully, but these errors were encountered: