No that's not the way it would work. There would be a secure remote attestation certified by the endoresment key which is signed by the hw manufacturer and never leaves the device. Bound to this attestation would be a key exchange which results the device negotiating a shared key with the music server. The music server keys would be sealed with keys derived from your current software state (OS, BIOS etc).
Then you can boot anyway you like, online or offline, just if you ever boot without the right state the TPM can't recompute the sealing keys and so you can't access data sealed under that state. Adam -- (Personal comments only) On Tue, Feb 04, 2003 at 12:36:25PM -0500, Trei, Peter wrote: > 'secure remote attestation that the boot > sequence was followed' > > seems to imply that a net connection back > to Hollywood would be required to boot. > > 'All your computer are belong to us'. > > Peter Trei --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
