Hi everyone, I removed -Werror parameter into config.mk to compile tboot and execute it.
I have some questions: - How can I retrieve the tboot logs (because during the boot, the display time is too short to see anything) ? it is apparently not in the dmesg command or others log files. - So we hash into PCR 17 and 18 the content of SINIT and MLE but we need to compare them to the expected values to be sure they are corrects, right ? so when is this verification ? Because DRTM PCRs are set to zeros after SENTER instruction, it is necessary to obtain the expected hashes values from somewhere before performing current hashes of SINIT and MLE and then comparing them. - What is exactly the e820 table ? Why do we need to secure it ? - How the localities are they managed, I mean is it a security concern (so not possible to pass through a locality to another) or just a way to separate PCRs use from different softwares (so possible to pass through a locality to another) ? Thanks, -- Anthony D.
------------------------------------------------------------------------------
_______________________________________________ tboot-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tboot-devel
