I am serious about finding an answer, but I am forced to work with devices in the field which means, at least for the present, no TPM at my disposal.
Though theoretically a kernel could produce whatever values it wants through /dev/mtd/mtd1,2, one could trust it to the point that an attacker would have to perform some minor surgery on the kernel if he were to spoof the values from a legitimate one. While it's not foolproof, it does increase the complexity of overriding the security inherent in performing a hash on the bootloader and kernel values, which adds *some* level of additional security against casual script-kiddie attacks. (Unless the script kiddie has an Uncle Torvalds, of course.)

This brings me back to my original supposition that I should like to perform a signature on the stream that comes from /dev/mtd/mtd1,2, which I seem unable to do. I assume that if one can back up the bootloader and kernel images merely by

    cp /dev/mtd/mtd1 /tmp/bootloader_image.backup
    cp /dev/mtd/mtd2 /tmp/kernel_image.backup

it stands to reason that I should be able to run the file through an MD5 or other suitable checksum. Doesn't it? If so, why does it crash so heinously?

I'm in the process of git'ting the Android cupcake kernel so I can wade through the /dev/mtd/mtd* code to see why my assumption has failed. With any luck, someone here will shortcut my efforts with an explanation.

Torin...

--

On Nov 2, 7:59 pm, "[TH]" <[email protected]> wrote:
> This is the Root of Trust (ROT) question, which seems
> to be asked again and again. (e.g. how do I know the pre-boot
> environment and the loader have not been tampered with, etc etc).
>
> If you are serious about seeking an answer,
> I would suggest looking at the work of the folks
> in the Trusted Computing Group (TCG), in particular
> on using the TPM hardware as a root of trust.
>
> And no, the TCG and TPM is not about DRM :-)
>
> /thomas/
> hardjono[at]mit.edu
>
> On Nov 1, 5:12 pm, Torin Walker <[email protected]> wrote:
>
> > I'm looking for a way to authenticate the bootloader and kernel images
> > to ensure the OS has not been tampered with from some factory default.
> >
> > One way I imagined doing this is to perform a cryptographic hash on
> >
> > /dev/mtd/mtd1 (bootloader image), and
> > /dev/mtd/mtd2 (kernel image),
> >
> > but opening up either of these devices into a CheckedInputStream (for
> > CRC32 validation, for example) results in an enormous crash. Not only
> > does the device stop responding, but the android debug bridge crashes
> > and no longer recognizes any attached devices until Windows Vista (go
> > figure) is rebooted.
> >
> > Can anyone suggest a better method for validating that the Operating
> > System has not changed (i.e. the bootloader and kernel are factory
> > defaults?)
> >
> > Torin...
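An added example, not code from the thread, of the check the two posts describe: copy each raw partition in bounded reads, hash it, and compare the digest with one recorded from a factory-default unit. It assumes GNU coreutils (dd, sha256sum, mktemp) and a manifest kept on storage the running system cannot rewrite; the partition paths and digests in the manifest are placeholders you would record yourself, and, as the thread itself notes, the result is only as trustworthy as the kernel and script performing the check.

```shell
#!/bin/sh
# Added example, not code from the thread: hash raw flash partitions and
# compare them with digests recorded from a factory-default device.
# Assumed: GNU coreutils (dd, sha256sum, mktemp) are available and the
# manifest is kept on storage the running system cannot rewrite.

# hash_image DEVICE [BLOCKSIZE]
# Copies DEVICE (e.g. /dev/mtd/mtd1) in fixed-size blocks so no single read
# is larger than BLOCKSIZE, then prints the SHA-256 of the copy. Returns
# non-zero if dd reports a read error, so a short or failed read is never
# passed off as the digest of a complete image.
hash_image() {
    dev=$1
    bs=${2:-4096}
    tmp=$(mktemp) || return 1
    if ! dd if="$dev" of="$tmp" bs="$bs" 2>/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    sha256sum -- "$tmp" | cut -d' ' -f1
    rm -f "$tmp"
}

# verify_manifest MANIFEST
# MANIFEST holds one "<device> <expected-sha256>" line per partition.
# Prints OK / MISMATCH / UNREADABLE per entry; exit status is 0 only when
# every entry matches, so callers can act on the overall result.
verify_manifest() {
    rc=0
    while read -r dev expected; do
        [ -z "$dev" ] && continue
        if ! actual=$(hash_image "$dev"); then
            echo "UNREADABLE $dev"
            rc=1
        elif [ "$actual" = "$expected" ]; then
            echo "OK $dev"
        else
            echo "MISMATCH $dev"
            rc=1
        fi
    done < "$1"
    return "$rc"
}
```

Record the manifest once from a known-good device with `hash_image /dev/mtd/mtd1` and `hash_image /dev/mtd/mtd2`, then run `verify_manifest` against it on the devices in the field.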
