My server's motherboard is shipped with a TPM, and the vendor already placed
firmware hash values in the PCRs. This is not under my control each time
the server boots up. My goal as a user is to authenticate these values and
confirm they are the same as previously stored good ones. Apologies if
these have been discussed before.
The questions I am struggling with are:
1. How would the vendor prove that these PCR values are authentic? Does it
sign them with the AIK private key? In other words, can an attacker easily
put in his own PCR values if he has root privilege in the OS?
2. How would I be able to authenticate these values? Should I somehow
obtain a certificate for the AIK public key and use that to verify the
signatures on these PCR values?
3. How do I accomplish step 2 using tpm tools? Is there an example?
Thanks!
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
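As an added example (not code from TrouSerS, the motherboard vendor, or the poster above), the following Go program models what a TPM 1.2 quote is and what a verifier has to check before trusting reported PCR values: the TPM signs SHA-1 of a TPM_QUOTE_INFO structure (version, "QUOT", SHA-1 of the TPM_PCR_COMPOSITE, and the verifier's 20-byte nonce) with the AIK private key, which never leaves the chip. The verifier rebuilds that structure from the reported PCR values and its own nonce, checks the AIK signature, and only then compares the values with the stored good ones. Assumptions: an RSA key generated in software stands in for the in-TPM AIK, the AIK public key is taken as already obtained out of band (e.g. from its certificate), and the PCR contents and nonces are constructed for the demo. The example also shows the two failure modes the questions ask about: a root attacker who edits the reported values cannot produce a matching AIK signature, and an old good quote replayed under a new nonce is rejected.

```go
// Added example (not TrouSerS or vendor code): software model of the TPM 1.2
// TPM_Quote operation and the checks a verifier performs on the result.
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"sort"
)

// PCRs maps a PCR index to its 20-byte (SHA-1) contents.
type PCRs map[int][20]byte

// pcrComposite serialises TPM_PCR_COMPOSITE: a TPM_PCR_SELECTION (sizeOfSelect
// + pcrSelect bitmap) followed by valueSize and the selected PCR values in
// ascending index order.
func pcrComposite(selected []int, pcrs PCRs) []byte {
	idx := append([]int(nil), selected...)
	sort.Ints(idx)
	sel := make([]byte, 3) // 24 PCRs -> 3-byte bitmap, bit i%8 of byte i/8
	for _, i := range idx {
		sel[i/8] |= 1 << uint(i%8)
	}
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint16(len(sel)))
	buf.Write(sel)
	binary.Write(&buf, binary.BigEndian, uint32(20*len(idx)))
	for _, i := range idx {
		v := pcrs[i]
		buf.Write(v[:])
	}
	return buf.Bytes()
}

// quoteInfo serialises TPM_QUOTE_INFO: version 1.1.0.0, the fixed tag "QUOT",
// the SHA-1 composite hash, and the verifier-supplied nonce (externalData).
// The TPM signs SHA-1 of this 48-byte structure.
func quoteInfo(composite []byte, nonce [20]byte) []byte {
	var buf bytes.Buffer
	buf.Write([]byte{1, 1, 0, 0})
	buf.WriteString("QUOT")
	h := sha1.Sum(composite)
	buf.Write(h[:])
	buf.Write(nonce[:])
	return buf.Bytes()
}

// tpmQuote models the TPM side: PCR values come from the TPM's own registers
// and the signature uses the AIK private key inside the chip. Software,
// including root, only chooses the PCR selection and supplies the nonce.
func tpmQuote(aik *rsa.PrivateKey, selected []int, pcrs PCRs, nonce [20]byte) ([]byte, error) {
	d := sha1.Sum(quoteInfo(pcrComposite(selected, pcrs), nonce))
	return rsa.SignPKCS1v15(rand.Reader, aik, crypto.SHA1, d[:])
}

// verifyQuote is the user side: rebuild TPM_QUOTE_INFO from the reported PCR
// values and our own nonce, check the AIK signature, then compare with the
// stored good values. Edited PCR values break the signature; a replayed old
// quote fails because the nonce differs.
func verifyQuote(aikPub *rsa.PublicKey, selected []int, reported PCRs, nonce [20]byte, sig []byte, golden PCRs) error {
	d := sha1.Sum(quoteInfo(pcrComposite(selected, reported), nonce))
	if err := rsa.VerifyPKCS1v15(aikPub, crypto.SHA1, d[:], sig); err != nil {
		return fmt.Errorf("AIK signature over quote does not verify: %w", err)
	}
	for _, i := range selected {
		if reported[i] != golden[i] {
			return fmt.Errorf("PCR%d differs from stored good value", i)
		}
	}
	return nil
}

// Scenario runs four verifications and reports whether each was accepted.
func Scenario() (map[string]bool, error) {
	aik, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the in-TPM AIK
	if err != nil {
		return nil, err
	}
	// Constructed PCR contents: the values the vendor firmware left in PCR0/PCR1.
	golden := PCRs{0: sha1.Sum([]byte("vendor-firmware-v1")), 1: sha1.Sum([]byte("vendor-config-v1"))}
	changed := PCRs{0: golden[0], 1: sha1.Sum([]byte("modified-config"))} // PCR1 drifted this boot
	selected := []int{0, 1}
	var nonce, oldNonce [20]byte
	rand.Read(nonce[:])
	rand.Read(oldNonce[:])
	accepted := func(reported PCRs, n [20]byte, sig []byte) bool {
		return verifyQuote(&aik.PublicKey, selected, reported, n, sig, golden) == nil
	}
	goodSig, _ := tpmQuote(aik, selected, golden, nonce)
	changedSig, _ := tpmQuote(aik, selected, changed, nonce)
	oldSig, _ := tpmQuote(aik, selected, golden, oldNonce)
	return map[string]bool{
		"good":     accepted(golden, nonce, goodSig),     // clean boot: true
		"changed":  accepted(changed, nonce, changedSig), // genuine quote, PCR1 differs: false
		"tampered": accepted(golden, nonce, changedSig),  // root edited the report to golden: false
		"replay":   accepted(golden, nonce, oldSig),      // old good quote, wrong nonce: false
	}, nil
}

func main() {
	res, err := Scenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, k := range []string{"good", "changed", "tampered", "replay"} {
		fmt.Printf("%-9s accepted=%v\n", k, res[k])
	}
}
```

With TrouSerS the signed blob itself comes from the TSS call Tspi_TPM_Quote; the program above only covers what the verifier does with such a blob. Note the order of checks: the signature is verified before the values are compared, because a PCR comparison on an unsigned or mis-signed report tells you nothing, and the nonce must be generated fresh by the verifier for every quote.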