top | item 46711164

Foxboron | 1 month ago

> The TPM has nothing remotely resembling per-user PCRs.

The system could extend one of the PCRs, or an NVPCR, with some unique user credential locked to the user directory. Then you can't recreate the PCR records in any immediate way.

But you can't just recreate a key under one of the hierarchies anyway. You still need to possess the keyfile.

amluto | 1 month ago

> The system could extend one of the PCRs, or an NVPCR, with some unique user credential locked to the user directory. Then you can't recreate the PCR records in any immediate way.

Sure, but can the system context-switch that PCR between two different users?

Foxboron | 1 month ago

> Sure, but can the system context-switch that PCR between two different users?

Right, no it can't.

But this was not really something the TPM was supposed to solve.
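The exchange above turns on one property of PCRs: an extend is a one-way hash chain, so once a user credential has been folded in there is no operation that rewinds the PCR to "switch" to another user short of a platform reset. The following is an added model of that behaviour (not code from the thread's participants or from any TPM stack); the boot measurements, credentials and the single-PCR `PcrBank` class are constructed for illustration.

```python
import hashlib
import hmac

HASH = "sha256"
PCR_INITIAL = bytes(32)  # resettable PCRs start as all-zero after a platform reset


def measure(data: bytes) -> bytes:
    """Hash the event the way TPM2_PCR_Event would before extending."""
    return hashlib.new(HASH, data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || digest). No inverse, no 'set'."""
    return hashlib.new(HASH, pcr + digest).digest()


class PcrBank:
    """Constructed model of one resettable PCR: the only transitions are extend() and reset."""

    def __init__(self) -> None:
        self.value = PCR_INITIAL

    def extend(self, data: bytes) -> bytes:
        self.value = pcr_extend(self.value, measure(data))
        return self.value

    def platform_reset(self) -> None:  # only a reboot gets back to the initial state
        self.value = PCR_INITIAL


def expected_user_pcr(boot_measurements: list[bytes], credential: bytes) -> bytes:
    """Replay the expected event log: the value a per-user sealing policy would bind to."""
    value = PCR_INITIAL
    for event in boot_measurements:
        value = pcr_extend(value, measure(event))
    return pcr_extend(value, measure(credential))


def policy_allows_unseal(pcr_value: bytes, policy_pcr_value: bytes) -> bool:
    """A PolicyPCR-style check: the live PCR must equal the value sealed into the policy."""
    return hmac.compare_digest(pcr_value, policy_pcr_value)


def demo() -> tuple[bool, bool, bool, bool]:
    boot = [b"firmware (constructed)", b"kernel (constructed)"]
    cred_a, cred_b = b"user-a credential (constructed)", b"user-b credential (constructed)"
    pcr = PcrBank()
    for event in boot:
        pcr.extend(event)
    pcr.extend(cred_a)
    a_ok = policy_allows_unseal(pcr.value, expected_user_pcr(boot, cred_a))
    pcr.extend(cred_b)  # attempt to "context-switch": the chain now carries both users
    b_ok = policy_allows_unseal(pcr.value, expected_user_pcr(boot, cred_b))
    a_still_ok = policy_allows_unseal(pcr.value, expected_user_pcr(boot, cred_a))
    pcr.platform_reset()  # the only way to reach user B's expected value
    for event in boot:
        pcr.extend(event)
    pcr.extend(cred_b)
    b_after_reset = policy_allows_unseal(pcr.value, expected_user_pcr(boot, cred_b))
    return a_ok, b_ok, a_still_ok, b_after_reset
```

`demo()` returns `(True, False, False, True)`: user A's policy matches until the PCR is extended again, after which neither user's policy matches until a reset and replay.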