On Mon, Jun 16, 2008 at 02:13:37PM +0200, Joep Vesseur wrote:
> Restarting the kernel as proposed by this case will either run unverified code
> (at the very least, not every step of the boot-process is checked sequentially
> anymore) or the registers used to record the validation will no longer unlock
> the registers containing the sensitive data needed to continue the boot
> process.

Well, the TPM need not know (because its driver might not actually fully
reset it on quiesce?) that a new kernel is replacing the old one.  The
old kernel was trusted and it can do signature verification of the new
kernel.  And the old kernel could pass to the new kernel any data the
new kernel will need to access the TPM.

Nico