# Task 1

## Informational comments

* Platform: CPU, TRB with EK, SRK, AIK
* Application: A
* Operating System: OS, ID, OSrunning
* OS vendor: OSV
* Platform Vendor: TVK
* Certification Authority: CAK, checks and certifies that AIK belongs to TRB with EK (not shown here)

## Root of trust / what you need to know

* Challenger: CAK_pub, OSVK_pub, (TVK_pub indirectly, because AIK certification)
* Attester: N/A

## Certificates

* { "good EK", EK_pub }TVK_priv
* { "good AIK", AIK_pub }CAK_priv
* { "OS v3.0", H(OS) }OSVK_priv (this would be a useful representation of 'IDOS')

## Remote attestation protocol

* Challenge: nonce
* Response: { "good AIK", AIK_pub }CAK_priv -> { PCR=H(OS), { "OS v3.0", H(OS) }OSVK_priv, OSrunningAuthK_pub, OSrunningConK_pub }AIK_priv -> { nonce }OSrunningAuthK_priv

# Task 2

1. use sealed memory to bind game data to the specific software stack (game, OS, bootloader, ...)
2. store game data on the (trusted) server, protect game data using remote attestation
3. combination of 1. and 2.

# Task 3

* software stack:
  - firmware
  - bootloader
  - OS
  - game
* each stage: measure + record in PCR + check + start, if check OK (abort otherwise)

# Task 4

* Secure booting: measure + record in PCR + check + start, if check OK
* Authenticated booting: measure + record in PCR + start + check using sealed memory or remote attestation

1. task a) prevent cheating:
   - player {A,B} check remote game of player {B,A}
2. task b) prevent illegal copies:
   - check license certificate locally
   - remotely (other player)
   - remotely (server)
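
The difference between the two boot modes in Tasks 3 and 4, as an added example that is not part of the original solution sheet. It assumes a single SHA-256 PCR, constructed stage images, and a plain PCR comparison standing in for the sealed-memory or remote-attestation check (no AIK signature or nonce is modelled); all function names are hypothetical.

```python
import hashlib
import hmac

STAGES = ["firmware", "bootloader", "OS", "game"]  # software stack from Task 3

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR extend: new = H(old || measurement); order-dependent, cannot be undone
    return hashlib.sha256(pcr + measurement).digest()

def secure_boot(images, reference):
    """measure + record in PCR + check + start, if check OK (abort otherwise)."""
    pcr, started = bytes(32), []
    for name in STAGES:
        m = measure(images[name])
        pcr = extend(pcr, m)
        if not hmac.compare_digest(m, reference[name]):
            return pcr, started          # abort: this stage never runs
        started.append(name)
    return pcr, started

def authenticated_boot(images):
    """measure + record in PCR + start; the check happens later."""
    pcr, started = bytes(32), []
    for name in STAGES:
        pcr = extend(pcr, measure(images[name]))
        started.append(name)             # runs regardless of what was measured
    return pcr, started

def check_later(pcr, reference) -> bool:
    """Stand-in for unsealing or a challenger's check: recompute the expected PCR."""
    expected = bytes(32)
    for name in STAGES:
        expected = extend(expected, reference[name])
    return hmac.compare_digest(pcr, expected)

# Constructed sample images; TAMPERED differs only in the game binary.
GOOD = {n: f"{n} image v1".encode() for n in STAGES}
TAMPERED = dict(GOOD, game=b"game image v1 + cheat patch")
REFERENCE = {n: measure(GOOD[n]) for n in STAGES}

if __name__ == "__main__":
    print("secure, tampered:", secure_boot(TAMPERED, REFERENCE)[1])
    pcr, started = authenticated_boot(TAMPERED)
    print("authenticated, tampered:", started, "check:", check_later(pcr, REFERENCE))
```

With the tampered game, secure booting stops before the game starts, while authenticated booting starts it and only the later PCR check fails, which is where sealed game data stays locked or the remote player rejects the attestation.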