by amluto
2661 days ago
You make a little enclave that (proxied through the host) gets the TPM to attest online to the relevant PCRs. Then the enclave gives the host the VMK. Sure, one could then run this enclave under malicious control, but the attacker now has to do that live while the TPM thinks the system is okay. This requires active attack instead of passive attack. (Or it requires a DMA attack.) So the bar is a bit higher.
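A minimal simulation of the flow sketched in this comment, added here as an illustration and not code from the commenter: the enclave issues a fresh nonce, the host proxies it to the TPM (modelled with an HMAC key instead of a real attestation key), and the VMK is released only if the returned quote is fresh, authentic and covers the expected PCR values. The attestation key, PCR contents and VMK are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the post). A real TPM signs quotes with
# an attestation key; here that is modelled as a shared HMAC secret.
TPM_ATTESTATION_KEY = b"constructed-tpm-ak-secret"
KNOWN_GOOD_PCRS = {0: hashlib.sha256(b"firmware-v1").hexdigest(),
                   7: hashlib.sha256(b"secure-boot-policy").hexdigest()}
VMK = bytes(range(32))  # constructed stand-in for the volume master key

def pcr_digest(pcrs: dict) -> str:
    # Canonical digest over the selected PCRs, in index order.
    h = hashlib.sha256()
    for idx in sorted(pcrs):
        h.update(f"{idx}:{pcrs[idx]}".encode())
    return h.hexdigest()

def quote_mac(nonce: bytes, digest: str) -> str:
    return hmac.new(TPM_ATTESTATION_KEY, nonce + digest.encode(), "sha256").hexdigest()

def tpm_quote(pcrs: dict, nonce: bytes) -> dict:
    # Host side: the TPM binds the current PCR digest to the enclave's nonce,
    # so the quote belongs to this attestation session only.
    digest = pcr_digest(pcrs)
    return {"nonce": nonce, "pcr_digest": digest, "mac": quote_mac(nonce, digest)}

class VmkEnclave:
    """Releases the VMK only after a fresh quote over known-good PCRs."""

    def __init__(self):
        self.expected = pcr_digest(KNOWN_GOOD_PCRS)
        self.pending = None

    def challenge(self) -> bytes:
        # Fresh nonce per request: a quote captured earlier cannot be replayed,
        # which is what forces the attacker to be present live.
        self.pending = secrets.token_bytes(16)
        return self.pending

    def release_vmk(self, quote: dict):
        if self.pending is None or not hmac.compare_digest(quote["nonce"], self.pending):
            return None  # stale, replayed or unsolicited quote
        self.pending = None
        if not hmac.compare_digest(quote_mac(quote["nonce"], quote["pcr_digest"]), quote["mac"]):
            return None  # quote was not produced by the TPM
        if not hmac.compare_digest(quote["pcr_digest"], self.expected):
            return None  # boot measurements do not match policy
        return VMK
```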