One of the criticisms raised against trusted computing is that it solves some potential problems of the future without first doing the homework that precedes these problems. Trusted computing, these critics argue, provides an elaborate mechanism for remote attestation, but it does not provide well-functioning mechanisms for local attestation. Therefore, with trusted computing, I am able to determine the state of a remote platform in a trustworthy manner, but I am unable to do the same for my own local platform.

This argument may be a little bit extreme, as some functionalities of trusted computing could be used for local attestation. As an Intel paper on LaGrande Technology points out (on pp. 7-8), there are at least three ways to perform a local attestation:
- You may just trust the initial configuration that is being shipped to you.
- You may attach a portable device to your local platform that performs an attestation routine.
- You may ask a third party to perform a remote attestation on your local platform. The problem with this approach is how to get the integrity information measured by the remote challenger back to you.
I am not totally convinced by these solutions, and my feeling is that this area may be a little bit underdeveloped. But this is only a feeling. Any thoughts?
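
The second option in the list, a portable device that runs the attestation routine, can be sketched as follows; this is an added example, not code from the Intel paper or from this post. It assumes the device shares an HMAC key with the platform's TPM (a real TPM signs quotes with an asymmetric attestation key), and all names and boot components are hypothetical.

```python
import hashlib, hmac, secrets

def extend(pcr, digest):
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute the PCR from an ordered list of measured boot components."""
    pcr = bytes(32)  # a PCR is all zeros after platform reset
    for component in event_log:
        pcr = extend(pcr, hashlib.sha256(component).digest())
    return pcr

def tpm_quote(key, nonce, pcr):
    """Stand-in for a TPM quote (assumption: HMAC instead of a signature)."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def device_verify(key, nonce, pcr, quote, event_log, good_pcr):
    """Runs on the portable device, never on the platform being judged."""
    if not hmac.compare_digest(quote, tpm_quote(key, nonce, pcr)):
        return "reject: quote not authentic or not fresh"
    if replay(event_log) != pcr:
        return "reject: event log does not match quoted PCR"
    if pcr != good_pcr:
        return "reject: platform booted unknown software"
    return "trusted"

KEY = secrets.token_bytes(32)  # constructed key, held by TPM and device
GOOD_BOOT = [b"firmware-v1", b"loader-v1", b"kernel-v1"]        # constructed
BAD_BOOT = [b"firmware-v1", b"loader-v1", b"kernel-modified"]   # constructed

def attest(quoted_boot, claimed_log, stale_quote=None):
    """One challenge/response round between the device and the platform."""
    nonce = secrets.token_bytes(16)   # fresh challenge chosen by the device
    pcr = replay(quoted_boot)         # PCR value presented to the device
    quote = stale_quote or tpm_quote(KEY, nonce, pcr)
    return device_verify(KEY, nonce, pcr, quote, claimed_log, replay(GOOD_BOOT))

def demo():
    # Quote recorded during an earlier clean boot, bound to an old nonce.
    old = tpm_quote(KEY, secrets.token_bytes(16), replay(GOOD_BOOT))
    return {
        "clean": attest(GOOD_BOOT, GOOD_BOOT),
        "modified": attest(BAD_BOOT, BAD_BOOT),
        "lying_log": attest(BAD_BOOT, GOOD_BOOT),
        "replayed": attest(GOOD_BOOT, GOOD_BOOT, stale_quote=old),
    }
```

The verdict is computed and shown on the device, so a modified platform cannot simply display "trusted" on its own screen.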