Hacker News

digiown, today at 1:14 AM (2 replies)

How would that be implemented? I'd be curious to know.

I'm not aware that a TPM is capable of hiding a key without the OS being able to access/unseal it at some point. It can display a signed boot chain but what would it be signed with?

If it's not signed with a key out of the reach of the system, you can always implement a fake driver pretty easily to spoof it.


Replies

vbezhenar, today at 2:26 AM

I guess something like that: https://tpm2-software.github.io/tpm2-tss/getting-started/201...

Basically, the TPM includes a key that's also signed with the manufacturer's key. You can't just extract it, and the signature ensures that this key is "trusted". When asked, the TPM will return the boot chain (including the bootloader or UKI hash), signed by its own key, which you can present to a remote party. The whole protocol is more complicated and includes a challenge.

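As an added illustration of the flow vbezhenar sketches (this is example code written for this page, not code from the thread or from the tpm2-tss project linked above), the Go program below simulates the three parts of remote attestation: PCR extension during boot, a quote signed by a key that never leaves the "chip", and a remote verifier that trusts only the manufacturer's public key and a golden set of PCR values. It also shows why a fake driver does not help an attacker: a software impostor can report perfect PCR values, but its attestation key carries no manufacturer endorsement, so the verifier rejects it before even looking at the PCRs. Assumptions of this example: ECDSA P-256 stands in for the TPM's keys; a direct manufacturer signature over the attestation key (`Endorse`) stands in for the real EK certificate chain plus credential activation; `Quote`, `SimTPM`, `boot`, `VerifyQuote` and `Scenario` are this example's own simplified names and structures, not TPM 2.0 API calls; the image "measurements" are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// h is SHA-256 over the concatenation of its arguments.
func h(parts ...[]byte) []byte {
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return sum[:]
}

// extendPCR models TPM2_PCR_Extend on a SHA-256 bank: new = H(old || measurement).
func extendPCR(pcr, measurement []byte) []byte { return h(pcr, measurement) }

// quoteMessage is what the attestation key signs: H(nonce || PCR0 || PCR1 || ...).
// Binding the verifier's nonce (the "challenge") is what stops an old quote from being replayed.
func quoteMessage(nonce []byte, pcrs [][]byte) []byte { return h(nonce, bytes.Join(pcrs, nil)) }

// akBytes is the DER encoding of an attestation public key that gets endorsed and checked.
func akBytes(pk *ecdsa.PublicKey) []byte { der, _ := x509.MarshalPKIXPublicKey(pk); return der }

// Quote is a simplified TPM2_Quote result: the PCR values plus the AK signature over them.
type Quote struct {
	Nonce, Sig []byte
	PCRs       [][]byte
}

// SimTPM stands in for the chip: the attestation key never leaves it, callers only get signatures.
type SimTPM struct {
	ak   *ecdsa.PrivateKey
	pcrs [][]byte
}

// boot models power-on: every PCR starts at zero and each stage is measured in order.
func boot(measurements ...[]byte) *SimTPM {
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &SimTPM{ak: ak, pcrs: make([][]byte, len(measurements))}
	for i, m := range measurements {
		t.pcrs[i] = extendPCR(make([]byte, sha256.Size), m)
	}
	return t
}

// Quote signs the current PCR values together with the verifier's nonce.
func (t *SimTPM) Quote(nonce []byte) Quote {
	sig, _ := ecdsa.SignASN1(rand.Reader, t.ak, quoteMessage(nonce, t.pcrs))
	return Quote{Nonce: nonce, Sig: sig, PCRs: t.pcrs}
}

// Endorse models the manufacturer vouching for an AK. A real TPM does this through the EK
// certificate and credential activation; a direct signature is this example's simplification.
func Endorse(signer *ecdsa.PrivateKey, ak *ecdsa.PublicKey) []byte {
	sig, _ := ecdsa.SignASN1(rand.Reader, signer, h(akBytes(ak)))
	return sig
}

// VerifyQuote is the remote party's side: it trusts only the manufacturer's public key and
// a golden set of PCR values, nothing the attesting OS says about itself.
func VerifyQuote(mfrPub, ak *ecdsa.PublicKey, endorsement, nonce []byte, q Quote, golden [][]byte) error {
	if !ecdsa.VerifyASN1(mfrPub, h(akBytes(ak)), endorsement) {
		return errors.New("attestation key is not endorsed by the manufacturer")
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ecdsa.VerifyASN1(ak, quoteMessage(nonce, q.PCRs), q.Sig) {
		return errors.New("quote signature does not verify")
	}
	for i := range golden {
		if i >= len(q.PCRs) || !bytes.Equal(q.PCRs[i], golden[i]) {
			return fmt.Errorf("PCR%d does not match the golden value", i)
		}
	}
	return nil
}

// Scenario puts three boots through the same verifier: a genuine one, one with a modified
// bootloader, and an impostor whose PCRs are right but whose key nobody endorsed.
func Scenario() (genuine, tampered, impostor error) {
	mfr, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	self, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the impostor's own key
	bl := h([]byte("constructed bootloader image"))            // constructed sample measurements
	uki := h([]byte("constructed UKI image"))
	mod := h([]byte("constructed modified bootloader image"))
	golden := [][]byte{extendPCR(make([]byte, 32), bl), extendPCR(make([]byte, 32), uki)} // from known-good images
	nonce := make([]byte, 32)
	rand.Read(nonce) // the verifier's fresh challenge
	check := func(t *SimTPM, endorser *ecdsa.PrivateKey) error {
		return VerifyQuote(&mfr.PublicKey, &t.ak.PublicKey, Endorse(endorser, &t.ak.PublicKey), nonce, t.Quote(nonce), golden)
	}
	genuine = check(boot(bl, uki), mfr)
	tampered = check(boot(mod, uki), mfr)
	impostor = check(boot(bl, uki), self)
	return
}
```

Calling `Scenario()` returns `nil` for the genuine boot, a "PCR0 does not match" error for the modified bootloader, and a "not endorsed by the manufacturer" error for the impostor. The ordering of the checks in `VerifyQuote` is the point of the thread: the endorsement is verified against a key the attested machine never held, so nothing running on that machine, fake driver included, can manufacture a quote the verifier accepts.
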
tapoxi, today at 1:28 AM

This is called the Endorsement Key, and you're correct, it never leaves the TPM. The TPM is a "black box" to the OS.
