google vtpm and trusted root stuff
Can’t remember if I sent this out already.
Nabil Schear, Ph.D.
Senior Staff, Secure Resilient Systems and Technology Group
MIT Lincoln Laboratory, 244 Wood St, Lexington, MA 02420
Tel: 781-981-5744 Office: C-290F
Luke A Hinds
A bit more information on the vTPM here:
Seems they are running the IBM emulator, but it’s not fixed to a hardware chip:
"Building on that, we’ve talked about our plan to use our Titan chips to enable first-instruction integrity on our production machines. This will allow us to establish a hardware root of trust that we can chain all the way to vTPM— not something that TPMs typically do (RTMs are usually implemented in software that can in principle be compromised, although hopefully not very easily!)."
That reads to me as what they would like to do, not what they currently have.
I guess one real benefit here for Keylime is, once this is available, if it’s possible to know the PCRs and Google makes public their vendor key, we can then attest Google Cloud containers!
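Worked example of the "know the PCRs" piece of the above, added here as an illustration; it is not code from this thread, from Keylime, or from Google. It replays a constructed (made-up) boot event log to derive golden PCR values, then checks a quote's pcrDigest against the PCR values an agent reports and those values against the golden list. The SHA-256 bank, the PCR indices and the event data are all assumptions; the quote signature check and the AK/EK chain back to the vendor key are assumed to happen elsewhere.

```python
import hashlib

DIGEST = hashlib.sha256
PCR_INIT = b"\x00" * 32          # SHA-256 bank PCRs start all-zero at reset

# Constructed boot event log (made-up data, not real firmware measurements):
# (pcr_index, description, measured_bytes)
EVENT_LOG = [
    (0, "firmware",   b"constructed firmware image"),
    (4, "bootloader", b"constructed bootloader"),
    (8, "kernel",     b"constructed kernel image"),
]


def extend(pcr_value, measured):
    """TPM PCR extend: new_value = H(old_value || H(measured_bytes))."""
    return DIGEST(pcr_value + DIGEST(measured).digest()).digest()


def replay_log(events):
    """Replay an event log from reset to get the PCR values it should yield."""
    pcrs = {}
    for index, _desc, data in events:
        pcrs[index] = extend(pcrs.get(index, PCR_INIT), data)
    return pcrs


def pcr_composite(pcrs, selection):
    """pcrDigest as carried in a TPM 2.0 quote: hash of the selected PCR
    values concatenated in ascending index order."""
    return DIGEST(b"".join(pcrs[i] for i in sorted(selection))).digest()


def verify_attestation(quote_pcr_digest, reported_pcrs, golden_pcrs, selection):
    """Check a quote's pcrDigest against the PCR values the agent reported,
    then compare those values with the verifier's golden list.
    Returns (ok, mismatched_indices). The quote signature and the AK/EK
    chain to the vendor key are assumed to have been checked already."""
    if pcr_composite(reported_pcrs, selection) != quote_pcr_digest:
        # Reported PCR values are not what the TPM actually signed: reject all
        return False, sorted(selection)
    mismatched = [i for i in sorted(selection) if reported_pcrs[i] != golden_pcrs[i]]
    return not mismatched, mismatched


if __name__ == "__main__":
    selection = [0, 4, 8]
    golden = replay_log(EVENT_LOG)
    # Honest machine: reported PCRs equal the golden values, digest matches
    print(verify_attestation(pcr_composite(golden, selection), golden, golden, selection))
    # Tampered kernel: PCR 8 diverges, everything else is unchanged
    tampered_log = [(i, d, b"evil kernel" if i == 8 else data) for i, d, data in EVENT_LOG]
    tampered = replay_log(tampered_log)
    print(verify_attestation(pcr_composite(tampered, selection), tampered, golden, selection))
```

The point of the first check in verify_attestation is that PCR values read back from the agent are only trustworthy if they hash to the digest the TPM signed; the golden comparison is what a published, known-good PCR set for the vTPM would feed.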