Statement on HW / SW TPM #591
Comments
|
tagging tpm folks @stefanberger @puiterwijk |
|
Yes, for software TPM you have to trust the underlying host and admin(s): https://github.com/stefanberger/swtpm/wiki#securitytrust-model-of-the-software-tpm |
|
I agree with the spirit of this change. "DO NOT USE" is too harsh. It's just different tradeoffs as it does provide protection against a lot of intrusion attacks, just not a malicious hypervisor. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 7 days if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 7 days if no further activity occurs. Thank you for your contributions. |
I think we could be a little less forceful in this view
A swtpm for sure does not provide the same level of guarantees as a HW tpm, however its still superior to something like AIDE. Someone could use a cloud providers swtpm (google cloud provide them). Granted, they are trusting the providers host then, but it could be argued as a step up from solely trusting the target node you're measuring. The host could still attack your target node, but it could also provide insight into another entity compromising the system (for example an attack within the target nodes userland like (reverse shell etc)).
I recommend we remove the 'DO NOT USE' and instead explain the situation in that the are different levels of guarantee:
3 is poorly worded , I agree and I am sure could be improved.
The text was updated successfully, but these errors were encountered: