On Tue, 2020-01-28 at 22:11 -0500, Paul Moore wrote:
> On Sat, Dec 21, 2019 at 12:00 PM Paul Moore (pmoore2) via tboot-devel
> <tboot-devel@lists.sourceforge.net> wrote:
> > On Fri, 2019-12-20 at 10:51 +0100, Lukasz Hawrylko wrote:
> > > On Tue, 2019-12-17 at 20:12 +, Paul Moore (pmoore2)
On Sat, Dec 21, 2019 at 12:00 PM Paul Moore (pmoore2) via tboot-devel
wrote:
> On Fri, 2019-12-20 at 10:51 +0100, Lukasz Hawrylko wrote:
> > On Tue, 2019-12-17 at 20:12 +, Paul Moore (pmoore2) wrote:
> > > On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> > > > On Thu, 2019-12-05 at
On Fri, 2019-12-20 at 10:51 +0100, Lukasz Hawrylko wrote:
> On Tue, 2019-12-17 at 20:12 +, Paul Moore (pmoore2) wrote:
> > On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> > > On Thu, 2019-12-05 at 17:20 +, Paul Moore (pmoore2) wrote:
> > > > A question for discussion: if the VLP
On Tue, 2019-12-17 at 20:06 +, Paul Moore (pmoore2) wrote:
> On Fri, 2019-12-06 at 21:28 +, Paul Moore (pmoore2) via tboot-devel
> wrote:
> > On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> > > On Wed, 2019-12-04 at 14:33 +, Paul Moore (pmoore2) wrote:
> > > > Can you elabor
On Tue, 2019-12-17 at 20:12 +, Paul Moore (pmoore2) wrote:
> On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> > On Thu, 2019-12-05 at 17:20 +, Paul Moore (pmoore2) wrote:
> > > A question for discussion: if the VLP is loaded from its own nvindex,
> > > and there is also a
On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> On Thu, 2019-12-05 at 17:20 +, Paul Moore (pmoore2) wrote:
> > A question for discussion: if the VLP is loaded from its own nvindex,
> > and there is also a VLP present inside the LCP, which VLP do we want to
> > use? I'm ass
On Fri, 2019-12-06 at 21:28 +, Paul Moore (pmoore2) via tboot-devel
wrote:
> On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> > On Wed, 2019-12-04 at 14:33 +, Paul Moore (pmoore2) wrote:
> > > Can you elaborate a bit more on what you mean by "the root of
> > > certificate"? Alte
On Mon, 2019-12-09 at 15:23 +0100, Lukasz Hawrylko wrote:
> On Fri, 2019-12-06 at 21:28 +, Paul Moore (pmoore2) wrote:
> > I know I've said this before, but please consider all of this code still
> > a very rough prototype. Normally I wouldn't share code of this quality,
> > but since
On Fri, 2019-12-06 at 21:28 +, Paul Moore (pmoore2) wrote:
> I know I've said this before, but please consider all of this code still
> a very rough prototype. Normally I wouldn't share code of this quality,
> but since there are a large number of uncertainties surrounding this
> work (e.g. is
On Fri, 2019-12-06 at 11:37 +0100, Lukasz Hawrylko wrote:
> On Wed, 2019-12-04 at 14:33 +, Paul Moore (pmoore2) wrote:
> > Can you elaborate a bit more on what you mean by "the root of
> > certificate"? Alternatively, could you upload the kernel and signing
> > certificate somewhere I coul
On Wed, 2019-12-04 at 14:33 +, Paul Moore (pmoore2) wrote:
>
> Can you elaborate a bit more on what you mean by "the root of
> certificate"? Alternatively, could you upload the kernel and signing
> certificate somewhere I could grab so I can play with it?
>
Maybe I used wrong words, I am ta
On Wed, 2019-12-04 at 14:33 +, Paul Moore (pmoore2) via tboot-devel
wrote:
> On Mon, 2019-12-02 at 14:09 +0100, Lukasz Hawrylko wrote:
> > If VLP is present under its own index (for TPM 2.0 it is 0x01C10131),
> > tboot will not read LCP at all, so certificate will not be available.
> >
On Mon, 2019-12-02 at 14:09 +0100, Lukasz Hawrylko wrote:
> Hi Paul
>
> I went through all steps and I was able to create LCP with certificate,
> VLP with TB_HTYPE_PECOFF and finally got platform booted with PCR 20
> extended by certificate hash (to be honest I didn't check if it is
> correct).
Hi Paul
I went through all steps and I was able to create LCP with certificate,
VLP with TB_HTYPE_PECOFF and finally got platform booted with PCR 20
extended by certificate hash (to be honest I didn't check if it is
correct). So everything works, however I have few notes :)
If VLP is present und
Hi Paul
Great news, I will check in the next week how it works and come back
with feedback.
Thanks,
Lukasz
On Wed, 2019-11-20 at 23:05 +, Paul Moore (pmoore2) via tboot-devel
wrote:
> On Fri, 2019-10-18 at 13:27 +, Paul Moore (pmoore2) via tboot-devel
> wrote:
> > On Thu, 2019-09-19 at 1
On Fri, 2019-10-18 at 13:27 +, Paul Moore (pmoore2) via tboot-devel
wrote:
> On Thu, 2019-09-19 at 15:39 +, Paul Moore (pmoore2) via
> tboot-devel wrote:
> > Hello,
> >
> > I've been working on adding PECOFF/kernel signature verification to
> > tboot ...
Hello everyone,
I just pushed ano
Hi Lukasz,
That's great news, I'll look forward to meeting with you next week! I'll
follow up with you off-list with some contact information.
--
paul moore
www.paul-moore.com
On October 24, 2019 9:19:52 AM Lukasz Hawrylko
wrote:
> Hi
>
> I will be on LSS EU, I will catch you after your pres
Hi
I will be on LSS EU, I will catch you after your presentation for a
short (or not short) conversation.
Thanks,
Lukasz
On Fri, 2019-10-18 at 13:27 +, Paul Moore (pmoore2) via tboot-devel
wrote:
> On Thu, 2019-09-19 at 15:39 +, Paul Moore (pmoore2) via tboot-devel
> wrote:
> > Hello,
>
On Thu, 2019-09-19 at 15:39 +, Paul Moore (pmoore2) via tboot-devel
wrote:
> Hello,
>
> I've been working on adding PECOFF/kernel signature verification to
> tboot and now that I have a rough working prototype I wanted to bring
> it to the list to see if this is something the tboot community w
Hi Lukasz,
I'm happy to join the internal discussion if you think it would be
helpful, although I do have some travel scheduled for later this month.
Feel free to contact me off-list if you want to discuss timing.
Are you going to be at Linux Security Summit EU in France at the end of
October?
Hi Paul
We are going to have internal discussion about this feature in two
weeks, I have to prepare some presentation, so be prepared for questions
in near future :)
I have built version with your patch, looks like verification is working
with Fedora's kernel indeed. However I was not able to v
Hi Lukasz,
Thanks for taking a look, I know it is a lot to ask. When looking at
the patches I'm mostly concerned about feedback on the general concepts
at this stage; the patches are still very much a work in progress. My
goal in posting this on-list was to get some feedback now to see if this
i
Hi Paul
Thank you for sharing your work. I will look at this patch and check how
it works, idea of measuring kernel signature instead of whole binary is
very interesting. I hope that next week I will find some time for that,
as you said patch is quite big.
Do you plan to add ability to verify pub
Hello,
I've been working on adding PECOFF/kernel signature verification to
tboot and now that I have a rough working prototype I wanted to bring
it to the list to see if this is something the tboot community would
be interested in eventually merging (once the work is more complete
and polished).
24 matches