On Sat, Apr 23, 2016 at 8:57 AM, Kevin Kofler <kevin.kof...@chello.at> wrote:
> Matthew Garrett wrote:
>> Measured boot is a process whereby each component in the boot chain
>> "measures" the next component. In the TPM 1.x world (which is where most
>> of us still are), that measurement is in the form of a SHA1 hash of the
>> next component. So, on a BIOS system, the firmware measures itself, the
>> firmware measures its configuration, the firmware measures any option
>> ROMs on plugin cards, the firmware measures the MBR of the disk, the MBR
>> measures the grub stage 1, the grub stage 1 measures the grub stage 2,
>> the grub stage 2 measures the kernel and so on.
>
> Yet another Treacherous Computing "feature" that nobody needs!

If you are trying to ensure the provenance of the hardware and
software combination at every stage, you really need to check it at
every level and every stage of loading. "Trusted Computing" used to be
called "Palladium", and I caught an early presentation on it by Peter
LaMacchia, one of the authors. He did not realize Richard M. Stallman
was going to be in the audience, and I could see his look of horror
when Richard got up and tore the whole project a new one for trying to
take away users' access to and control over their own data on their
own systems.

>> Remote attestation is a mechanism by which a remote machine can request
>> (but not compel) another machine to provide evidence of the PCR state.
>> The TPM provides a signed bundle of information including the PCR values
>> and the event log, and the remote machine verifies that the signature
>> corresponds to the key it expected to see.
>
> How does the remote machine know that what is answering is a physical TPM
> and not a software emulation? Does it need to have the individual TPM's
> public key in advance?
>
>         Kevin Kofler

It cannot detect whether the Trusted Computing-enabled host is a VM.
This is one of the big reasons Trusted Computing hasn't been more
rigorously pursued or enforced. It's proven too easy to defeat by
running the tools in a VM, one in which the hypervisor can access the
unlocked or unencrypted data streams inside the VM.
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
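As an added illustration of the measured-boot chain and the event-log check in Matthew Garrett's quoted message (example code, not from the thread or from any TPM implementation): TPM 1.x PCR extends with SHA-1, and a verifier that replays the event log to confirm the quoted PCR values. The boot-chain bytes and PCR indexes are constructed placeholders; the same code gives identical values on hardware or in an emulator, which is the gap the reply above points at.

```python
import hashlib

PCR_SIZE = 20          # TPM 1.x PCRs hold one SHA-1 digest

def measure(component: bytes) -> bytes:
    # TPM 1.x measurement: SHA-1 of the next component's bytes
    return hashlib.sha1(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # PCR extend: new = SHA1(old || digest); one-way and order-dependent
    return hashlib.sha1(pcr + digest).digest()

def fresh_pcrs() -> dict:
    return {i: bytes(PCR_SIZE) for i in range(24)}   # 24 PCRs, all zero at reset

def boot(chain):
    # Simulated measured boot: each stage measures the next component,
    # appends (pcr index, digest) to the event log and extends the PCR.
    pcrs, log = fresh_pcrs(), []
    for idx, component in chain:
        digest = measure(component)
        log.append((idx, digest))
        pcrs[idx] = extend(pcrs[idx], digest)
    return pcrs, log

def replay_log(event_log) -> dict:
    # Verifier side: replay the event log into zeroed PCRs
    pcrs = fresh_pcrs()
    for idx, digest in event_log:
        if idx not in pcrs or len(digest) != PCR_SIZE:
            raise ValueError("malformed event log entry")
        pcrs[idx] = extend(pcrs[idx], digest)
    return pcrs

def attestation_matches(quoted_pcrs: dict, event_log) -> bool:
    # The quoted PCR values are accepted only if the log reproduces them.
    # Nothing here reveals whether the values came from hardware or an emulator.
    return replay_log(event_log) == quoted_pcrs

# Constructed boot chain (placeholder bytes, not real firmware images)
BOOT_CHAIN = [
    (0, b"firmware-image"), (1, b"firmware-config"), (2, b"option-rom:nic"),
    (4, b"mbr"), (4, b"grub-stage1"), (4, b"grub-stage2"), (4, b"vmlinuz"),
]

if __name__ == "__main__":
    pcrs, log = boot(BOOT_CHAIN)
    print(attestation_matches(pcrs, log))                       # True
    tampered = log[:-1] + [(4, measure(b"vmlinuz-modified"))]
    print(attestation_matches(pcrs, tampered))                  # False
```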