Thank you for your answer, for my second question, maybe I was not clear enough: I don't understand how the expected hashes values are coming from (it must be the TPM but it is necessary to save them into it before booting and executing tboot so I would like to know when these hashes are calculated and what is the tool used ?) before to be compared with the current value.
about the localities, is it like the ring (0-3) protection system of processors, how is it implemented ? is any software able to declare itself as working in locality 4 ? 2009/7/1 Shane Wang <[email protected]> > See my comments below. > > Thanks. > Shane > > Anthony Dessiatnikoff wrote: > >> Hi everyone, >> >> I removed -Werror parameter into config.mk<http://config.mk> to compile >> tboot and execute it. >> >> I have some questions: >> >> - How can I retrieve the tboot logs (because during the boot, the display >> time is too short to see anything) ? it is apparently not in the dmesg >> command or others log files. >> > If you have serial port, you can connect your test machine running tboot to > another machine with serial line, and see the log in the window of some COM > tool (say I am using Tera Term Pro) > If not, you can set logging=memory in tboot command line in grub.conf and > after booting up, you can see the log by a tool txt-stat, which is in > tboot/txt-test. > > >> - So we hash into PCR 17 and 18 the content of SINIT and MLE but we need >> to compare them to the expected values to be sure they are corrects, right ? >> so when is this verification ? Because DRTM PCRs are set to zeros after >> SENTER instruction, it is necessary to obtain the expected hashes values >> from somewhere before performing current hashes of SINIT and MLE and then >> comparing them. >> > Right, we extend them into PCR 17 and PCR 18 respectively. For SINIT, it > should include digital signature, and for MLE, its hash will be compared in > SINIT. > > >> - What is exactly the e820 table ? Why do we need to secure it ? >> > e820 is a table, which is provided by bios to explain memory layout for > OS/VMM which range can be used, which can't. > Because it is very important and we use it to protect tboot/TXT related > memory itself. We don't want OS/VMM to touch them. > > >> - How the localities are they managed, I mean is it a security concern (so >> not possible to pass through a locality to another) or just a way to >> separate PCRs use from different softwares (so possible to pass through a >> locality to another) ? >> > It should not be the latter, not only PCRs. Locality is to enable the TPM > to differentiation between commands from different local sources, a bit like > access permission. In TPM v1.2, locality 0 is for normal application; 1 for > trusted application; 2 for trusted OS; 4 for trusted chipset. For more, you > can refer to TCG spec. > > >> >> Thanks, >> >> >> -- >> Anthony D. >> >> >> > -- Anthony Dessiatnikoff Master 2 in Computing Security and Cryptology University of Limoges (FR)
------------------------------------------------------------------------------
_______________________________________________ tboot-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tboot-devel
