摘要 |
Processing apparatus, such as a trusted platform, is provided with an access-control arrangement for handling a tree-structured hierarchy such as a key hierarchy. The access-control arrangement only permits access to a particular node of the hierarchy upon receiving a reliable indication that a mechanism expected to resist subversion will attempt to enforce appropriate access restrictions on that node. Such a mechanism is, for example, a protected process executing in a benign environment in the apparatus. The indication that the mechanism is in place is provided by a trusted source, such as a hardware root of trust responsible for initiating the mechanism. Access to the particular node opens the way to revealing that node, and any descendants, to the protected process.
|