by ivanhoe
4107 days ago
Perhaps it's a stupid question, but how can a web client confirm that code is really running from inside the TPM? Since the source code is freely available from github, isn't there a chance that whoever controls the server (hacker or malicious owner) can simply override the TPM at some point in future, and run the unsigned, possibly altered, code directly, circumventing all the restrictions? As far as I understand the mechanics of TPM, for this setup to work you need the server owner to be trusted and actively monitoring and protecting the server setup like banks do, to detect any breach. Then it makes sense: you trust the owner, the owner creates the proper setup and TPM protects it from any future unauthorized changes. If the owner of the server cannot be trusted this will not work, since he/she can just change the back-end setup and do as he pleases, and you don't have any way to detect this on the client side?
1. Site publishes its hardware public key, allows users to verify it can sign on behalf of an Intel processor.
2. Site publishes source and reproducible build, so everyone can agree on a hash of acceptable bits.
3. Users submit requests encrypted to that public key (there's also something missing, where the key is actually a combination of the public key plus the hash of the executable code. Maybe the processor signs another cert for a specific proc+code combo).
4. Server can only decrypt when it has access to the matching private key, which is only available after entering the secure enclave.
5. If the server could decrypt the request and sign a response, the user knows it was handled by the right bits.
This still has many problems, the main one being that users are not going to really verify anything anyway. Also the data storage and all important handling needs to be done with encryption, so an admin can't just change the data.
But in theory, assuming no one can break the secure enclave/trust chain, it's a pretty nifty solution.
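The five-step flow above, written out as a runnable model (an added example, not code from this thread or from any enclave project). It fills in the piece the commenter flags in step 3 by having the hardware root key sign the code measurement and the enclave's public key together, so the key a client encrypts to is bound to one specific build. Everything here is an assumption of the model, not SGX's real key hierarchy or quote format: the `Quote` struct, the `Load`, `VerifyQuote`, `Seal` and `Open` functions, the ed25519 root key standing in for the vendor key, the X25519 enclave key, the SHA-256 key derivation, and the two constructed "code" strings.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Quote is a simplified attestation statement (hypothetical, not SGX's format): root key signs code hash + enclave key.
type Quote struct {
	Measurement [32]byte
	EnclavePub  *ecdh.PublicKey // generated inside the enclave
	Sig         []byte          // ed25519 signature by the hardware root key
}

func quoteBody(m [32]byte, pub *ecdh.PublicKey) []byte {
	return append(append([]byte("quote-v1|"), m[:]...), pub.Bytes()...)
}

// Load models the processor: measure the code, generate the enclave key pair, sign the quote (step 1).
func Load(rootPriv ed25519.PrivateKey, code []byte) (*ecdh.PrivateKey, Quote) {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	m := sha256.Sum256(code)
	sig := ed25519.Sign(rootPriv, quoteBody(m, priv.PublicKey()))
	return priv, Quote{Measurement: m, EnclavePub: priv.PublicKey(), Sig: sig}
}

// VerifyQuote is the client's check: trusted hardware signed the quote, and the
// measurement equals the hash of the reproducible build (step 2).
func VerifyQuote(rootPub ed25519.PublicKey, expected [32]byte, q Quote) error {
	if !ed25519.Verify(rootPub, quoteBody(q.Measurement, q.EnclavePub), q.Sig) {
		return errors.New("quote not signed by trusted hardware")
	}
	if q.Measurement != expected {
		return errors.New("measurement mismatch: enclave runs different code")
	}
	return nil
}

// aead derives an AES-GCM key from the X25519 shared secret (SHA-256 stands in for HKDF).
func aead(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal encrypts a request to the attested enclave key (step 3); wire format: ephPub(32) || nonce(12) || ct+tag.
func Seal(enclavePub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	shared, err := eph.ECDH(enclavePub)
	if err != nil {
		return nil, err
	}
	gcm, ephPub := aead(shared), eph.PublicKey().Bytes()
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return append(append(append([]byte{}, ephPub...), nonce...), gcm.Seal(nil, nonce, plaintext, ephPub)...), nil
}

// Open decrypts with the enclave's private key (step 4); any other key, even one
// issued by the same hardware for different code, fails the GCM tag check.
func Open(priv *ecdh.PrivateKey, msg []byte) ([]byte, error) {
	if len(msg) < 44 {
		return nil, errors.New("message too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(msg[:32])
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return aead(shared).Open(nil, msg[32:44], msg[44:], msg[:32])
}

// RunScenario walks steps 1-5 with constructed "code" strings: does the honest build verify and
// decrypt, and is a tampered build on the same hardware rejected and unable to open the request?
func RunScenario() (honestOK, tamperedRejected, tamperedCannotDecrypt bool) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	goodCode := []byte("service v1: handle request, never log it") // constructed
	badCode := []byte("service v1: handle request, log it to disk") // constructed
	expected := sha256.Sum256(goodCode)                            // the hash everyone agreed on (step 2)
	honestPriv, honestQ := Load(rootPriv, goodCode)
	tamperedPriv, tamperedQ := Load(rootPriv, badCode)
	msg, _ := Seal(honestQ.EnclavePub, []byte("balance for account 42"))
	pt, err := Open(honestPriv, msg)
	honestOK = VerifyQuote(rootPub, expected, honestQ) == nil && err == nil && string(pt) == "balance for account 42" // step 5
	tamperedRejected = VerifyQuote(rootPub, expected, tamperedQ) != nil
	_, err = Open(tamperedPriv, msg)
	tamperedCannotDecrypt = err != nil
	return
}
```

`RunScenario` is the answer to the question at the top of the thread in miniature: an operator who swaps in a modified binary on the same hardware gets a fresh key whose quote carries a different measurement, the client refuses it before sending anything, and even a request sealed to the honest build cannot be opened by the modified one. What the model does not cover are exactly the caveats the reply lists: it assumes the client actually performs `VerifyQuote`, and it says nothing about data at rest.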