It is possible for tboot to extend kernel and initrd into dynamic PCRs in an untrusted boot on a TPM enabled machine, tboot is BSD-licensed open source project, any contribution to it is welcome!
-ning -----Original Message----- From: t...@tbd16.sbrk.co.uk [mailto:t...@tbd16.sbrk.co.uk] Sent: Tuesday, February 02, 2016 8:52 PM To: tboot-devel@lists.sourceforge.net Subject: [tboot-devel] Fallback launch to SRTM? I recently got tboot working on a TXT enabled laptop and set about installing it on another more recent laptop. Unfortunately it turns out that my new laptop doesn't have TXT. Looking at the code for tboot, it seems it just launches Linux normally without any measurements in that case. Since tboot already has all the code for measuring the kernel and initrd etc, would it be possible to make the fallback launch one that at least extends measurements of the kernel and initrd into PCRs on TPM enabled machines? The alternative is trustedgrub{,2} but that doesn't work with UEFI and I'd like to be able to have a UEFI boot due to being able to install my own platform key and performing signed boots only. Paul ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
