Thread: "Google Web Environment Integrity Is the New Microsoft Trusted Computing"
1. blibbl+iQ 2023-07-27 10:14:00
>>neelc+(OP)
surely if they're successful they'll create a market for ripping the keys out of TPMs and selling them?

at which point you could attest any environment you wish, across as many machines as you want

a nice side hustle for bored university students with access to the equipment needed

(currently this doesn't happen as the TPM keys are essentially worthless)

2. wizee+7Z 2023-07-27 11:28:29
>>blibbl+iQ
Such keys sold in large numbers could be detected and blacklisted though.

3. kevinc+6z1 2023-07-27 14:31:31
>>wizee+7Z
IIRC these keys are often produced in batches to help protect anonymity, so revoking them may have an undesirable impact on the bystanders who happen to have a key in the same batch.

So if we could reliably extract keys it may be enough to break this. (or force TPM makers to have per-device keys instead of per-batch keys)