On Fri, Feb 1, 2013 at 3:45 PM, Dmitri Toubelis <[email protected]> wrote: > Hi, > > I'm designing a trusted platform for an embedded device and I hit a roadblock > with trusted OS updates. Here is an example: > > - our system consists of two components that may need upgrade - operating > system and system software. > - the system software is stored as an encrypted archive and decryption key is > sealed with values of several PCR registers. > - the system software is responsible for upgrading itself and operating > system. > - when new OS image downloaded and verified by system software the encryption > key need to be re-sealed with "EXPECTED" PCR values after system reboots. > Essentially the encryption key needs to be "unsealed" in the currently > running environment and "sealed" with expected values of PCR registers that > can be easy calculated at that time. > > So, would it be possible to add an option to tpm_sealdata in order to seal > data with arbitrary values of PCR registers? I think the command line syntax > may be extended to something like "{-p|--pcr} NUMBER:SHA1_HEX_STRING", so if > no ":SHA1_HEX_STRING" is provided then value of the register is used, > otherwise use the provided value. > > What do you guys think? Is this possible?
Its possible. I'm not crazy about passing all that info on the command line though. The way I implemented this for tpm_nvdefine was to allow passing a file used to configure the PCRs. The format is: [r/w][PCR#][SHA1] so something like... r 12 aabbccddeeff001122... w 14 aabbccddeeff001122... would specify the area could be read when PCR 12 or written when PCR 14 had the set values. We could reuse the same format, ignoring the r/w, or leaving it out entirely. Kent > Regards, > -Dmitri > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_jan > _______________________________________________ > TrouSerS-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-users ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
