I think you misunderstood the OP. From what I got, the OP was not claiming that a TPM is simply a HSM (despite the first sentence making it seem that way). What they claimed was:

- You only need to provide a HSM, a general-purpose microcontroller and a specific, very simple trusted bootloader.
- Then clients can supply the rest of the TPM implementation themselves as untrusted code to the bootloader.
- The resulting system has the same security properties as a TPM implemented in firmware.
- It would lead to simpler implementations and a lot less complexity in general, as clients only have to implement the parts of the TPM spec they need and not the entire thing.

I'm not enough of a crypto guy to be able to judge whether OP is right - but I think you'd need some more substantial cryptographic arguments to disprove the claim. (In particular, I wonder how easy it would be to cause a collision - i.e. pass a program to the bootloader that results in the same hash and CDI as the program that you want to attack and still lets you do something useful, such as leaking information about the CDI to the host.)
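To make the "same hash and CDI" question concrete, here is an added example (not code from the thread, the OP or any real TPM/DICE implementation) of a DICE-style boot flow: the bootloader holds a Unique Device Secret (UDS), measures the client-supplied code, derives CDI = HMAC-SHA256(UDS, SHA-256(code)), and hands only the CDI to that code. The scheme, the function names, the UDS value and the two code images are assumptions constructed for illustration. What the example shows is that the CDI is a deterministic function of the measurement, so a different program only gets the same CDI if it has the same SHA-256 digest, i.e. the attacker needs a second preimage of the honest image's hash; anything sealed under the honest CDI then fails to unseal under the attacker's CDI.

```python
"""DICE-style CDI derivation: added example, not the thread's or any vendor's code.

Assumed model (hypothetical): the bootloader keeps the UDS to itself, measures
the next stage, derives a CDI from (UDS, measurement), then jumps to the
measured code with the UDS no longer accessible.
"""
import hashlib
import hmac
from typing import Optional

# Constructed sample values. A real device would burn a random UDS into fuses
# (or derive it from a PUF) and lock it before running the measured code.
UDS = bytes.fromhex("0b" * 32)
HONEST_CODE = b"minimal TPM subset v1: PCR extend + quote"
ATTACKER_CODE = b"minimal TPM subset v1: PCR extend + quote + leak CDI to host"


def measure(code: bytes) -> bytes:
    """Measurement the bootloader takes of the next stage: SHA-256 of the image."""
    return hashlib.sha256(code).digest()


def derive_cdi(uds: bytes, code: bytes) -> bytes:
    """CDI = HMAC-SHA256(UDS, H(code)); the only secret handed to the loaded code."""
    return hmac.new(uds, measure(code), hashlib.sha256).digest()


def derive_key(cdi: bytes, label: bytes) -> bytes:
    """Every key the client-supplied TPM code uses is derived from its own CDI."""
    return hmac.new(cdi, label, hashlib.sha256).digest()


def seal(cdi: bytes, data: bytes) -> bytes:
    """Bind data to a CDI with an HMAC tag (integrity only, for illustration)."""
    tag = hmac.new(derive_key(cdi, b"seal"), data, hashlib.sha256).digest()
    return tag + data


def unseal(cdi: bytes, blob: bytes) -> Optional[bytes]:
    """Return the data only if the tag verifies under this CDI's sealing key."""
    tag, data = blob[:32], blob[32:]
    expected = hmac.new(derive_key(cdi, b"seal"), data, hashlib.sha256).digest()
    return data if hmac.compare_digest(tag, expected) else None


def run_scenario() -> dict:
    """Boot the honest image and a modified one, compare what each can do."""
    honest_cdi = derive_cdi(UDS, HONEST_CODE)
    attacker_cdi = derive_cdi(UDS, ATTACKER_CODE)
    blob = seal(honest_cdi, b"storage root key seed")
    return {
        # The same image always yields the same CDI on the same device.
        "deterministic": derive_cdi(UDS, HONEST_CODE) == honest_cdi,
        # A modified image measures differently, so its CDI differs too.
        "same_measurement": measure(HONEST_CODE) == measure(ATTACKER_CODE),
        "same_cdi": hmac.compare_digest(honest_cdi, attacker_cdi),
        # Secrets sealed by the honest code are unreachable from the modified code.
        "honest_unseal": unseal(honest_cdi, blob),
        "attacker_unseal": unseal(attacker_cdi, blob),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value!r}")
```

The check a reviewer would want is in `run_scenario`: with CDI derivation keyed on the measurement, "same CDI with a different program" collapses to "same SHA-256 digest with a different program", which is a second-preimage attack on the hash rather than a weakness of the bootloader. The open question from the comment, whether the client-supplied code can still leak its own CDI to the host, is orthogonal to this derivation; the design has to constrain what the loaded code may do with the CDI, since the CDI it gets is legitimately its own.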