Re: TPM disk crypto

2006-10-06 Thread Travis H.

On 10/2/06, Erik Tews [EMAIL PROTECTED] wrote:

> On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
> > Anyone have any information on how to develop TPM software?
>
> http://tpm4java.datenzone.de/
> Using this lib, you need less than 10 lines of java-code for doing some
> simple tpm operations.


Interesting, but not what I meant.  I want to program the chip to verify
that the BIOS, boot sector, root partition conform to *my* specification.

I don't want binary-only hardware-enforced vendor lock-in, that went
out of fashion with the mainframe and proprietary data[base] formats.
--
TH

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: TPM disk crypto

2006-10-06 Thread Erik Tews
On Thursday, 05.10.2006, 16:25 -0500, Travis H. wrote:
> On 10/2/06, Erik Tews [EMAIL PROTECTED] wrote:
> > On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
> > > Anyone have any information on how to develop TPM software?
> >
> > http://tpm4java.datenzone.de/
> > Using this lib, you need less than 10 lines of java-code for doing some
> > simple tpm operations.
>
> Interesting, but not what I meant.  I want to program the chip to verify
> that the BIOS, boot sector, root partition conform to *my* specification.
>
> I don't want binary-only hardware-enforced vendor lock-in, that went
> out of fashion with the mainframe and proprietary data[base] formats.

You can do that (at least in theory).

First, you need a system with tpm. I assume you are running linux. Then
you boot your linux-kernel and an initrd using the trusted grub
bootloader. Your bios will report the checksum of trusted grub to the
tpm before giving control to your grub bootloader. Your grub bootloader
will then report the checksum of your kernel and your initrd to the tpm
before giving control to them.

After your kernel has booted and given control to your initrd, you can
checksum your root-partition (or do something similar, like just
checking if there are setuid binaries or checksum just your shadow-file)
and report that to the tpm using a little java-application and tpm4java.

Later, you can remotely query your system and get a report of what has been
booted on your system. You can do this query using a java application
and tpm4java.

All applications like linux, grub, tpm4java are open source (you will
need a java-vm, there are some open source vms, you should be able to
use with tpm4java). The only thing which is not open source is the bios
and the exact hardware design of your tpm chip in your pc.

One thing you should know is that a tpm can never find out if a
piece of software meets some specification, like not having a buffer
overflow or not executing code from the network or so. You can just
check that it has not been altered.


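The measured-boot chain described in the message above, modelled in software as an added example (not part of the original thread and not tpm4java code). It assumes the TPM 1.2 extend rule, new PCR = SHA-1(old PCR || measurement), and simplifies to a single PCR; the component names and contents are constructed, and on real hardware the PCR value would arrive in a quote signed by the TPM rather than as a plain argument.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def measure(blob: bytes) -> bytes:
    """Checksum a component before control is handed to it."""
    return hashlib.sha1(blob).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA-1(old || measurement); a PCR cannot be written directly."""
    return hashlib.sha1(pcr + measurement).digest()

def boot(chain):
    """Measure each stage in order; return (final PCR value, event log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in chain:
        m = measure(blob)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log

def replay(log):
    """Recompute the PCR value that a given event log implies."""
    pcr = bytes(PCR_SIZE)
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr

def verify(reported_pcr, log, expected):
    """Remote check against the owner's own reference values; returns a list of problems."""
    problems = []
    if replay(log) != reported_pcr:
        problems.append("event log does not match PCR")
    problems += [f"unexpected measurement: {name}"
                 for name, m in log if expected.get(name) != m]
    return problems

# Constructed sample components (stand-ins for the real binaries).
GOOD_CHAIN = [("trusted grub", b"grub stage image"), ("kernel", b"vmlinuz bytes"),
              ("initrd", b"initrd bytes"), ("shadow file", b"shadow file bytes")]
EXPECTED = {name: measure(blob) for name, blob in GOOD_CHAIN}

if __name__ == "__main__":
    chain = list(GOOD_CHAIN)
    chain[1] = ("kernel", b"vmlinuz bytes, patched")   # altered kernel
    pcr, log = boot(chain)
    print(verify(pcr, log, EXPECTED))                  # honest log names the kernel
    forged = [(n, EXPECTED[n]) for n, _ in log]        # log rewritten to look clean
    print(verify(pcr, forged, EXPECTED))               # replay no longer matches PCR
```

The check only establishes that each measured component is byte-for-byte the one the owner expected, which is the limit the message itself points out.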


Re: TPM disk crypto

2006-10-06 Thread Travis H.

On 10/5/06, Erik Tews [EMAIL PROTECTED] wrote:

> First, you need a system with tpm. I assume you are running linux. Then
> you boot your linux-kernel and an initrd using the trusted grub
> bootloader. Your bios will report the checksum of trusted grub to the
> tpm before giving control to your grub bootloader. Your grub bootloader
> will then report the checksum of your kernel and your initrd to the tpm
> before giving control to them.


Awesome, that's incredibly useful information.
I had not heard of trusted grub.  Thanks!


> One thing you should know is that a tpm can never find out if a
> piece of software meets some specification, like not having a buffer
> overflow or not executing code from the network or so. You can just
> check that it has not been altered.


Of course.  However, you can sandbox x86 code efficiently:
http://www.usenix.org/events/sec06/tech/mccamant/mccamant_html/index.html
--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix guru for rent or hire -- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484



Re: Why the exponent 3 error happened:

2006-10-06 Thread James A. Donald

--
Travis H. wrote:
> Actually, encoding lengths of other fields in a
> protocol is probably the easiest way to introduce a
> remotely-exploitable vulnerability (typically buffer
> overflow).  I'm going to have to side with the "no
> redundancy means no inconsistencies possible" argument
> here.  Oh, and you shouldn't process
> remotely-manipulable data in a language like C, unless
> you're doing all variable-length buffer management
> through a well-tested library, and even then you're
> playing with fire.

All fields that could be controlled by an adversary
should have reasonable maximum values specified in the
protocol definition.  Consider the language field in
HTTP.  It normally is blank, or contains the string
English.  A lot of implementations failed in ways
interesting to attackers when the language field
exceeded 20K, and wound up executing script contained in
the language field.  Why were language fields not given
a reasonable maximum length, and reasonable limits on
the characters permitted in the language field, and an
error response defined for the case that the language
field exceeded that limit, or contained improper
characters?

The only fields that should be permitted to have
unbounded length are those that can be pipelined, where
you repeatedly fill a fixed length buffer, and repeatedly
empty it.

> And fixed-length buffers are often broken too, because
> many a programmer has arbitrarily decided "that's big
> enough" without considering how an active adversary
> would be constrained, or without considering that the
> data may grow in size with the next revision of
> (whatever is feeding data to us).

All fixed length buffers are of course broken unless the
length is part of the protocol.  Since there is, in
practice, always going to be a maximum length, if only the
length at which the computer starts to run out of
memory, maximum lengths should be defined as part of the
protocol The  field is bounded by the first
whitespace character, or a maximum of 128 unicode
characters, whichever comes first.

Recall all the implementations that gave interesting
results when the length count overflowed to negative.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 /qepotdogioqKl6zqKb1307bOmyXeRzSTpBPmWcw
 4WtThf8IVl9id73YCBhzL8jl5yJ7wd+oc/GuW4E7o
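
The three field rules argued for in the post above, as an added example (not code from the thread): a token field bounded by whitespace or 128 characters with a defined error, a counted field whose length is decoded as unsigned and checked against a protocol maximum, and an unbounded field pipelined through one fixed buffer. The 4096-byte maximum, the permitted character set and all function names are assumptions made for the illustration.

```python
import io
import string
import struct

MAX_FIELD_CHARS = 128    # the maximum quoted in the post
MAX_RECORD_BYTES = 4096  # assumed protocol maximum for a counted field
ALLOWED = set(string.ascii_letters + string.digits + "-")  # assumed character set

class ProtocolError(Exception):
    """Stands for the error response the protocol defines for a bad field."""

def parse_token(text: str) -> str:
    """Field ends at the first whitespace; more than 128 characters is an error."""
    end = 0
    for ch in text:
        if ch.isspace():
            break
        if end == MAX_FIELD_CHARS:      # never scans past character 129
            raise ProtocolError("field exceeds 128 characters")
        if ch not in ALLOWED:
            raise ProtocolError(f"character {ch!r} not permitted")
        end += 1
    return text[:end]

def read_counted(stream) -> bytes:
    """Counted field: decode the count as unsigned and check it before reading."""
    header = stream.read(4)
    if len(header) != 4:
        raise ProtocolError("truncated length")
    (n,) = struct.unpack(">I", header)  # ">i" would decode ff ff ff ff as -1
    if n > MAX_RECORD_BYTES:
        raise ProtocolError("length exceeds protocol maximum")
    body = stream.read(n)
    if len(body) != n:
        raise ProtocolError("body shorter than declared length")
    return body

def pipeline(stream, sink, bufsize: int = 1024) -> int:
    """Unbounded field: repeatedly fill one fixed buffer and empty it into sink."""
    buf, total = bytearray(bufsize), 0
    while n := stream.readinto(buf):
        sink(bytes(buf[:n]))
        total += n
    return total

if __name__ == "__main__":
    print(parse_token("en-GB rest of line"))                 # constructed input
    print(read_counted(io.BytesIO(b"\x00\x00\x00\x02hi")))   # constructed input
```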
