On 10/21/2014 1:36 PM, David Li wrote:
> My goal is to use TPM to perform system boot integrity checks. My server's UEFI
> firmware can extend PCRs with hash values on the firmware modules along the boot chain.
> So this is what I have to base upon.
>
> As I am researching how to do this securely, I came upon some questions:
>
> 1. I understand that I will need to create an AIK (an RSA pair) to sign
> the PCRs. Can I create a Privacy CA to issue a certificate on the AIK I
> created? Do I also need the TPM manufacturer's EK certificate in this
> process? Another question is how is this signing process accomplished? Is
> it automatically done by the TPM, or does an external piece of software do it
> once bootup is done?
The TPM cannot create X.509 certificates. You have two choices:

1 - Create an AIK and use the makeidentity/activateidentity protocol to securely provision a certificate. The EK and EK certificate are used in this protocol to prove to the CA that the TPM AIK is genuine.

2 - If you somehow trust the public key already, you can use an "info" key.

> 2. In order to compare the real-time measured PCR values to "known good
> ones", where do I store the "known good values" to start with? I can
> think of two places: one is inside the TPM somewhere and the other is
> outside the TPM in a remote secure location. What's the recommendation?

It's not your local machine that's validating the measurements. It's a remote platform that is doing some sort of monitoring. It has to already know what the good measurements are, although sometimes there's an assertion that "the measurements obtained the first time are known good values."

------------------------------------------------------------------------------
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
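An added worked example, not from this thread or from TrouSerS, putting both answers above into code: the firmware-side PCR extend along the boot chain, the TPM 1.2 TPM_PCR_COMPOSITE and TPM_QUOTE_INFO structures that TPM_Quote signs with the AIK, and a remote verifier that holds the known-good values (or adopts the first quote it sees as known good, the assertion the reply mentions), checks its own nonce against replay, and checks the AIK signature before comparing. The module images, the RemoteVerifier class and function names, and the textbook RSA key built from two known Mersenne primes are assumptions made so the example runs offline with the standard library; a real deployment uses the TPM's own AIK (certified via makeidentity/activateidentity) and a proper RSA library with PKCS#1 padding.

```python
import hashlib
import os
import struct


def pcr_extend(current, measurement):
    """TPM 1.2 extend semantics: PCR = SHA-1(PCR || measurement)."""
    return hashlib.sha1(current + measurement).digest()


def boot_chain_pcr(modules):
    """What firmware does along the boot chain: hash each module and extend it into a PCR that starts at zero."""
    pcr = bytes(20)  # TPM 1.2 PCRs hold SHA-1 digests and reset to all zeros
    for module in modules:
        pcr = pcr_extend(pcr, hashlib.sha1(module).digest())
    return pcr


def pcr_composite_hash(pcrs):
    """SHA-1 over TPM_PCR_COMPOSITE for {index: value}: sizeOfSelect, pcrSelect bitmap, valueSize, values."""
    select = bytearray(3)
    for index in pcrs:
        select[index // 8] |= 1 << (index % 8)
    values = b"".join(pcrs[i] for i in sorted(pcrs))
    composite = struct.pack(">H", len(select)) + bytes(select) + struct.pack(">I", len(values)) + values
    return hashlib.sha1(composite).digest()


def quote_info(pcrs, nonce):
    """TPM_QUOTE_INFO, the structure TPM_Quote signs: version 1.1.0.0, 'QUOT', composite digest, externalData."""
    return b"\x01\x01\x00\x00" + b"QUOT" + pcr_composite_hash(pcrs) + nonce


# Toy textbook RSA from two known Mersenne primes (2^127-1, 2^107-1): an assumed stand-in for the AIK
# so the example runs offline; it has no padding and no security. Never use this outside a demo.
_P, _Q = (1 << 127) - 1, (1 << 107) - 1
_N, _E = _P * _Q, 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
AIK_PUB, AIK_PRIV = (_N, _E), (_N, _D)


def aik_sign(priv, data):
    """Host side: what TPM_Quote hands back, the AIK's signature over TPM_QUOTE_INFO."""
    return pow(int.from_bytes(hashlib.sha1(data).digest(), "big"), priv[1], priv[0])


def aik_verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha1(data).digest(), "big")


class RemoteVerifier:
    """The monitoring platform: holds the known-good values, or enrolls them from the first quote it sees."""

    def __init__(self, aik_pub):
        self.aik_pub, self.known_good, self.outstanding = aik_pub, None, set()

    def challenge(self):
        nonce = os.urandom(20)  # fresh per attestation, so an old quote cannot be replayed
        self.outstanding.add(nonce)
        return nonce

    def verify(self, pcrs, nonce, sig):
        if nonce not in self.outstanding:
            return "replay"
        self.outstanding.discard(nonce)
        if not aik_verify(self.aik_pub, quote_info(pcrs, nonce), sig):
            return "bad-signature"  # the reported PCRs are not what the TPM signed
        if self.known_good is None:
            self.known_good = dict(pcrs)  # the "first measurements are known good" assumption
            return "enrolled"
        return "ok" if pcrs == self.known_good else "mismatch"


def demo():
    """Enrollment, a clean boot, a tampered module, a forged PCR report and a replayed quote."""
    verifier = RemoteVerifier(AIK_PUB)
    good = {0: boot_chain_pcr([b"SEC", b"PEI core", b"DXE core", b"boot manager"])}  # constructed module images
    bad = {0: boot_chain_pcr([b"SEC", b"PEI core", b"DXE core+implant", b"boot manager"])}
    results = []
    for reported, signed in [(good, good), (good, good), (bad, bad), (good, bad)]:
        nonce = verifier.challenge()
        results.append(verifier.verify(reported, nonce, aik_sign(AIK_PRIV, quote_info(signed, nonce))))
    results.append(verifier.verify(good, nonce, aik_sign(AIK_PRIV, quote_info(good, nonce))))  # nonce already used
    return results
```

Run demo() to see the five outcomes in order: "enrolled", "ok", "mismatch", "bad-signature", "replay". The mismatch case shows why a single changed DXE module is caught even though every later measurement is unchanged: the extend chain folds each hash into the one before it, so the final PCR value differs. The bad-signature case is the reason the verifier must recompute TPM_QUOTE_INFO from the PCRs the host reports rather than trusting them, and the replay case is why the nonce has to come from the verifier and be single-use.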
