google vtpm and trusted root stuff

Nabil Schear

Can’t remember if I sent this out already.

Nabil Schear, Ph.D.

Senior Staff, Secure Resilient Systems and Technology Group

MIT Lincoln Laboratory, 244 Wood St, Lexington, MA 02420

Tel: 781-981-5744   Office: C-290F

Luke A Hinds

A bit more information on the vTPM here:

Seems they are running the IBM emulator, but it's not fixed to a hardware chip:

"Building on that, we’ve talked about our plan to use our Titan chips to enable first-instruction integrity on our production machines. This will allow us to establish a hardware root of trust that we can chain all the way to vTPM— not something that TPMs typically do (RTMs are usually implemented in software that can in principle be compromised, although hopefully not very easily!)."

That, to me, reads as what they would like to do, not what they currently have.

I guess one real benefit here for Keylime is, once this is available, if it's possible to know the PCRs and Google makes public their vendor key, we can then attest Google Cloud containers!
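An added illustration of the check Luke has in mind, written for this thread and not taken from Keylime or from Google's vTPM code: a verifier replays a constructed measured-boot event log into golden PCR values and compares them against the PCR digest a TPM 2.0 quote carries. The event log, PCR indices and measurement strings are all constructed; the quote signature and the endorsement-key chain back to the vendor key, which is what would tie a vTPM quote to the hardware root of trust, are not shown here.

```python
import hashlib
import hmac

PCR_SIZE = 32                      # SHA-256 PCR bank
ZERO_PCR = b"\x00" * PCR_SIZE      # reset value of a PCR at boot


def extend_pcr(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events: list[tuple[int, bytes]]) -> dict[int, bytes]:
    """Replay (pcr_index, measured_bytes) events into PCR values.

    This is what a verifier does with the boot event log to obtain the
    PCR values it expects; each event's content is hashed, then extended.
    """
    pcrs: dict[int, bytes] = {}
    for idx, content in events:
        pcrs[idx] = extend_pcr(pcrs.get(idx, ZERO_PCR), hashlib.sha256(content).digest())
    return pcrs


def pcr_digest(pcrs: dict[int, bytes], selection: list[int]) -> bytes:
    """pcrDigest as signed in a TPM2 quote: hash over the selected PCRs in index order."""
    return hashlib.sha256(b"".join(pcrs.get(i, ZERO_PCR) for i in sorted(selection))).digest()


def verify_quote_pcrs(golden: dict[int, bytes], selection: list[int], quoted_digest: bytes) -> bool:
    """Compare the digest the quote claims against the digest our golden PCRs produce."""
    return hmac.compare_digest(pcr_digest(golden, selection), quoted_digest)


# Constructed event log standing in for firmware, bootloader and kernel measurements.
GOLDEN_LOG = [(0, b"firmware-v1"), (4, b"bootloader-v1"), (8, b"kernel-v1")]
TAMPERED_LOG = [(0, b"firmware-v1"), (4, b"bootloader-v1"), (8, b"kernel-tampered")]
SELECTION = [0, 4, 8]
GOLDEN_PCRS = replay_event_log(GOLDEN_LOG)


def quote_from_log(log: list[tuple[int, bytes]], selection: list[int]) -> bytes:
    """Stand-in for the pcrDigest a machine's TPM would put in its quote (signature omitted)."""
    return pcr_digest(replay_event_log(log), selection)


if __name__ == "__main__":
    print("good quote accepted:", verify_quote_pcrs(GOLDEN_PCRS, SELECTION, quote_from_log(GOLDEN_LOG, SELECTION)))
    print("tampered quote accepted:", verify_quote_pcrs(GOLDEN_PCRS, SELECTION, quote_from_log(TAMPERED_LOG, SELECTION)))
```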