Menu
▾
▴
Re: [Trustedjava-support] Questions about PCR quoteing (Attestation)
|
From: Martin P. <Mar...@ia...> - 2009-06-22 14:47:20
|
dev...@ar... wrote: > System A communicates with System B for the first time > For my understanding system B cannot check the signed PCR at this time as well as it cannot check the nonce, because of it does not know the expected values. The point of using a nonce is to provide freshness, a random nonce cannot be predicted and thus makes certain attacks (e.g. replay) harder. One entity requests a quote and provides a nonce, the other does the quote and then, by examining the nonce in the response one can be assured the quote was done "just now" - it is a freshly generated reply. > 3. Are the checks, which were described int the scenario are enough for attestation? What is the point of each check? nonce -> provides evidence that the answer is fresh PCRs content -> provides evidence of system state signature on PCRs -> cryptographic binding of PCR info to key AIK certificate -> proof that the key is really a hardware TPM hosted non-migrateable identity key ...and a PKI is needed to manage/validate AIK certificates according to a specific policy, trusted to be done correctly by the application HTH, Martin |
