Trusted Computing Base
The less, the better. We have to trust less.
TCB (roughly) includes things in the computer that we assume
to be correct, or that we trust.
TCB for PC includes at least
- The operating system kernel including all its device drivers
- All processes that run with root privileges
- All program files owned by root with the set-user-ID bit set
- All binaries and development tools that were used to build the above
- The CPU
- The mass storage devices and their firmware
- The file servers and the integrity of their network links
A security vulnerability in any of these could be used to bypass the entire Unix access control mechanism.