Below (prefixed w/ '[JC]')

From: Anthony Dessiatnikoff [mailto:[email protected]]
Sent: Wednesday, June 17, 2009 4:56 AM
To: Cihula, Joseph
Subject: Re: tboot

Hi,

Thanks for your fast answer.

I finally installed the trousers package with devel (so trousers and tpm-tools 
are working) but for tboot, the problem is still here.

I am trying to understand how TXT is working.

So, I have some questions about TXT and TPM:

- How are the values of PCRs calculated in the first place to be compared to? 
Are they provided directly by manufacturers or is it necessary to run an init 
code (assuming there is no malicious software installed...)?
[JC]  When SENTER is executed, it will send the measurement of the SINIT ACM to 
the TPM and that will cause the TPM to reset the DRTM PCRs (17-23) to 0 and 
then extend PCR 17 with the hash of SINIT.  SINIT will then execute and extend 
more values into PCR 17, as described in sec. 1.9.1 of the TXT MLE Developers 
Guide.
PCR 18 is extended with the SHA-1 hash of the MLE.

- Is there an SML (Stored Measurement Log) file used as described by the TCG?
[JC]  The "log" of what is measured into PCR 17, as described in sec. 1.9.1, is 
contained (mainly) in the SinitMleData struct.

- Is Xen necessary to use TXT or is it just for tboot?
[JC]  tboot is a "generic" launcher in the sense that it does not really know 
or care about what it launches.  That said, it only currently knows how to 
launch a Linux kernel or an ELF binary (which Xen is).  But it could easily be 
enhanced to understand other file formats.  tboot contains most of the TXT 
logic.

- I am able to seal data with tpm-tools (tpm_sealdata) but how can I unseal 
data? I saw in the TSS the tpm_UnsealFile function but to begin with I would 
like to use a command line if possible.
[JC]  tpm-tools doesn't provide a command line utility to unseal data, 
unfortunately.  However the function tpmUnsealFile() in libtpm_unseal does 
almost exactly this and would only require a trivial wrapper to make into an 
executable (caveat: I haven't tried this myself).  You can get more info on its 
man page, tpmUnsealFile(3).

I hope my questions are clear enough, tell me if they are not.

Many thanks.

Best regards,


2009/6/15 Cihula, Joseph <[email protected]>

I'm glad to hear that you're working with tboot and Intel TXT.



For building TrouSerS, you need to make sure that you have all the dependent 
packages installed, per the README file.  You may also be able to find a 
trousers package (you would need a -devel package).



TXT only uses PCRs 17 & 18.  The SRTM PCRs (0-15) are used by regular software 
during a normal boot.  The other DRTM PCRs (19-23) are available for software 
(e.g. tboot) to use.



Joe



From: Anthony Dessiatnikoff [mailto:[email protected]]
Sent: Monday, June 15, 2009 7:54 AM
To: Cihula, Joseph
Subject: tboot



Hi,

I am a student and I am studying the Trusted Execution Technology from Intel 
and its use with TPM.

I would like some information about tboot because I have not succeeded in 
compiling it ...

When I build with the 'make' command, there are a lot of errors (some variables 
are not declared, ...) in the Trousers directory, I think I missed something.

Are there some actions to perform before compiling (like replacing some 
folders)? (I followed the README instructions so I configured it)

For information, I am on Ubuntu 8.10 with Xen 3.4 installed. I downloaded tboot 
from sourceforge.

Another question: in the MLE developer's guide, only the PCRs 17 and 18 are 
described but not the others, so what are they for?

Thanks for your time.

Best regards,

--
Anthony Dessiatnikoff
Student from the University of Limoges (France) in Systems Security and 
Cryptology



--
Anthony Dessiatnikoff
Master 2 Systems Security and Cryptology
University of Limoges (France)
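
Added example, not part of the original thread and not tboot or Intel code: a Python model of the PCR arithmetic described in the [JC] answers, using the TPM 1.2 extend rule new = SHA-1(old || digest), to compute the values a verifier would expect in PCRs 17-23 after a launch. The function names and all input bytes are constructed for illustration; the real list of values extended into PCR 17 is the one in sec. 1.9.1 of the MLE Developers Guide and is not reproduced here.

```python
import hashlib

PCR_SIZE = 20                  # a TPM 1.2 PCR holds one SHA-1 digest
DRTM_PCRS = range(17, 24)      # PCRs 17-23, reset to 0 by SENTER per the thread

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR value || 20-byte digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR value and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()

def replay(digests) -> bytes:
    """Replay an ordered list of measurements into a PCR that starts at zero."""
    pcr = bytes(PCR_SIZE)
    for d in digests:
        pcr = extend(pcr, d)
    return pcr

def expected_drtm_pcrs(pcr17_log, mle_image: bytes) -> dict:
    """Expected values after launch: 17-23 reset, then 17 and 18 extended."""
    pcrs = {i: bytes(PCR_SIZE) for i in DRTM_PCRS}
    pcrs[17] = replay(pcr17_log)                            # SINIT hash first
    pcrs[18] = replay([hashlib.sha1(mle_image).digest()])   # SHA-1 of the MLE
    return pcrs

def mismatches(expected: dict, reported: dict) -> list:
    """Indexes of PCRs whose reported value differs from the expected one."""
    return sorted(i for i in expected if reported.get(i) != expected[i])

# Constructed sample inputs (placeholders, not real SINIT or MLE contents).
SINIT_ACM = b"constructed SINIT ACM bytes"
MLE_IMAGE = b"constructed MLE image bytes"
PCR17_LOG = [hashlib.sha1(SINIT_ACM).digest(),
             hashlib.sha1(b"constructed second PCR 17 measurement").digest()]

if __name__ == "__main__":
    good = expected_drtm_pcrs(PCR17_LOG, MLE_IMAGE)
    # A one-byte change to the MLE image changes PCR 18 and nothing else.
    changed = expected_drtm_pcrs(PCR17_LOG, MLE_IMAGE + b"\x00")
    for i in sorted(good):
        print(f"PCR {i}: {good[i].hex()}")
    print("PCRs that differ for the modified MLE:", mismatches(good, changed))
```

Because each extend hashes the previous PCR value, the order of the measurements matters as much as their content, which is why the expected values are obtained by replaying a known-good measurement sequence.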