Dimitri,
That helps clarifying things a lot. Thanks!
I will keep this in mind as the requirement might change.
David
On Thu, Sep 18, 2014 at 10:21 PM, Dmitri Toubelis <
[email protected]> wrote:
> David,
>
> If you are not enforcing any security and you just want to know if any of
> boot parameters has changed then reading PCR registers should be enough.
>
> However, if you want to utilize trusted computing to fuller extent then
> you need more then this. You will need to start from obtaining a trusted
> boot loader that will boot your operating system in a specific way. I'm not
> aware of any UEFI bootloaders that are TPM aware but there are few option
> for old fashion BIOS/MBR boot (Trusted GRUB for example). Note, that you
> don't not need trousers stack for this either.
>
> Essentially, Trousers provides a library that implements several APIs
> specified by TCG as well as provides some tools for basic TPM operations
> (separate project called tpm-tools which depends on Trousers). You may need
> Trousers for the sake of those tools for taking ownership of the TPM and
> other basic operations and in that case you will need to install trousers
> and run tcsd daemon. Otherwise, unless you developing/using secure
> applications that in some way rely on TPM you don't need to worry yourself
> with it.
>
> Hope this helps.
>
> ------------------------------
>
> *From: *"David Li" <[email protected]>
> *To: *[email protected]
> *Sent: *Thursday, September 18, 2014 1:00:51 PM
> *Subject: *[TrouSerS-users] Do I need Trousers stack?
>
>
> Hi,
>
>
> I am totally new here. I have a x86_64 server from a vendor. It has an
> onboard TPM 1.2 chip. The server is running a small Tinycore Linux. My
> goal is to use TPM to ensure the server's firmware not tampered or changed
> on each reboot.
>
> I enabled TPM support in the kernel and now I can read PCR values under
> /sys/class/misc/tpm0/devices. These are populated by the vendor's uEFI
> firmware I think.
>
> The question is this: If I just want to read the PCR values and make sure
> they are not changed from last time. Do I still need Trousers Stack?
>
> Thanks.
>
>
> ------------------------------------------------------------------------------
> Slashdot TV. Video for Nerds. Stuff that Matters.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>
>
>
------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
