Hi,

On Sat, Apr 9, 2011 at 5:31 AM, Cihula, Joseph <joseph.cih...@intel.com> wrote:
>> I'm looking at the TXT boot log of my Fedora 15.
>> It extended VL measurements hashes to PCR 17, 18 and 19 after checking the
>> Verified Launch policy.
>>
>> What is the value of VL measurements on the PCR17?
>> I can't find the origin of this value extended to the PCR17.
>> (My vl policy just set the hashes of the PCR 18 and 19.)
>
> Good catch--the README has a typo:
>     - SHA-1 hash of: tboot policy control value (4 bytes) |
>                      SHA-1 hash of tboot policy (20 bytes)
>       : where the hash of the tboot policy will be 0s if
>         TB_POLCTL_EXTEND_PCR17 is clear
> Really goes in PCR 17 (and not 18 as README states).

Got it. I have confirmed that all extends. :-)

>> TBOOT: PCR 18: d2 5c 5b 18 2a 9a 62 ce 15 e4 6d 08 91 9d 4e fc 1b 7c fc ad
>> TBOOT: PCR 19: 0f 93 a8 2c 3b 3b 20 30 98 61 39 a2 03 2e 38 23 73 3f c6 42
>> TBOOT: PCRs before extending:
>> TBOOT: PCR 17: 8a d7 6e cc d2 55 5b e0 d9 6f c8 61 a7 9e 8b b7 92 00 ed d9
>> TBOOT: PCR 18: 83 f0 02 a7 4c d7 0d de d6 1a ca 09 0a a1 64 a6 0e 25 e2 75
>> TBOOT: PCRs after extending:
>> TBOOT: PCR 17: bb 0f 68 4f df 3a 42 b9 24 93 80 6d 5d a5 4e 36 62 c5 c5 52
>> TBOOT: PCR 18: 5e 24 63 ef f8 ee 13 c3 28 1e 13 03 d2 0e d4 79 69 5f 15 d7
>> Is PCR 19 missing?
>
> The code just doesn't display it because this output is really intended to
> help debug unseal failures and the integrity measurements are only sealed to
> PCRs 17 + 18.

Do you have any plan to store an event log like BIOS (SRTM) does?
That is useful to validate a remote system by attestation.
(and also useful to debug the measurements).

Thanks,
--
Seiji

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
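
A verifier-side replay of the PCR 17 extend described in the quoted reply, added here as an example; it is not part of the thread or of tboot's code. Assumptions: the flag value 0x1 for TB_POLCTL_EXTEND_PCR17, little-endian encoding of the 4-byte policy control value, exactly one extend between the "before" and "after" lines, and all function names (which are hypothetical).

```python
import hashlib
import re
import struct

# Assumed flag value; confirm against tb_policy.h in your tboot tree.
TB_POLCTL_EXTEND_PCR17 = 0x1

# PCR 17 lines copied from the boot log quoted in the thread above.
LOG = """\
TBOOT: PCRs before extending:
TBOOT: PCR 17: 8a d7 6e cc d2 55 5b e0 d9 6f c8 61 a7 9e 8b b7 92 00 ed d9
TBOOT: PCRs after extending:
TBOOT: PCR 17: bb 0f 68 4f df 3a 42 b9 24 93 80 6d 5d a5 4e 36 62 c5 c5 52
"""

def parse_pcr(log, index):
    """Return every 20-byte value logged for the given PCR, in log order."""
    pat = re.compile(r"PCR %d: ((?:[0-9a-f]{2} ?){20})" % index)
    return [bytes.fromhex(m.group(1)) for m in pat.finditer(log)]

def pcr17_vl_digest(policy_control, policy_blob):
    """SHA-1(policy control (4 bytes) | SHA-1(tboot policy) or 20 zero bytes)."""
    if policy_control & TB_POLCTL_EXTEND_PCR17:
        pol_hash = hashlib.sha1(policy_blob).digest()
    else:
        pol_hash = bytes(20)  # policy hash is 0s when the flag is clear
    # Little-endian is an assumption (x86 in-memory layout of a uint32).
    return hashlib.sha1(struct.pack("<I", policy_control) + pol_hash).digest()

def pcr_extend(old, digest):
    """TPM 1.2 extend: new PCR value = SHA-1(old PCR value | digest)."""
    return hashlib.sha1(old + digest).digest()

def explains_transition(log, policy_control, policy_blob):
    """True if the candidate policy accounts for the logged PCR 17 change."""
    values = parse_pcr(log, 17)
    if len(values) != 2:
        raise ValueError("expected one 'before' and one 'after' PCR 17 line")
    before, after = values
    digest = pcr17_vl_digest(policy_control, policy_blob)
    return pcr_extend(before, digest) == after

if __name__ == "__main__":
    # Constructed inputs: substitute your own policy control value and policy.
    print(explains_transition(LOG, TB_POLCTL_EXTEND_PCR17, b"constructed policy"))
```

A False result for the real policy file means either one of the stated assumptions does not hold or something other than the expected policy was measured.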