> I'm not really in a position to reflash my machine but I would still be > curious for details.
There is no need to reflash your firmware if the system has a integrated and supported TPM 1.2 chip. The prototype uses a Static Root of Trust for Measurment (SRTM) approach where the Chain of Trust is extended from a small immutable firmware part up to boot(8). Every component in the boot chain is responsible for measuring the components, that it hands control over the system. Measuring just means calculating the hash and sending it to the TPM. The following example is the Chain of Trust from my test system Lenovo Thinkpad X240 with OpenBSD. 1: Core Static Root of Trust for Measurment (C-SRTM) (immutable part of the Firmware) 2: Firmware (including OptionROMS) 3: MBR (mbr(8)) 4: PBR (biosboot(8)) 5: boot(8) (residing in the softraid(4) metadata when FDE is enabled) I changed the mbr(8) and biosboot(8) to support measuring their next component. Because there is very little available space left in the 440 byte of the mbr(8) startprogram, you have to choose between CHS and measurement support at compile time. boot(8) got support via a machine specific command to seal and unseal a secret of your choosing to any drive. Sealing and unsealing means encrypting/decrypting data depending on the state of the Platform Control Registers (PCR). PCRs are in the TPM NVRAM and store the measurements. With the laptop being in a trusted state, you can seal a secret and store it on a usb drive. When you want to verify, that the software components are unchanged, you plug in the usb drive and unseal the secret. If the output shows the correct secret and you were the only person knowing it, than there is a very high chance that the early boot components are unchanged. Some feedback from the OpenBSD community on this would also be appreciated. Are there enought people interessted in a Trusted Boot with OpenBSD? Best Regards Julius
