John,
Thanks for the pointer. I installed tpmquote tool. It looks very
interesting. However the website doesn't have much info. Is there a doc how
to use the tool in addition to man pages? Any examples?
David
On Mon, Nov 3, 2014 at 10:09 AM, John D. Ramsdell <[email protected]>
wrote:
> If you have the hashes, you can verify them using TPM Quote Tools
> <http://tpmquotetools.sourceforge.net/>. It is packaged for Fedora, so
> if you are using it, you can install the package with "sudo yum install
> tpm-quote-tools".
>
> John
>
> David Li <[email protected]> writes:
>
> > Hi Luigi,
> >
> > Thanks for the link. It's very interesting.
> >
> > My case might be different from Chromium. I don't have control over
> > the firmware (uEFI + option ROMs + bootloader) on the board. The
> > vendor did all the hashes using CRTM as root of trust and stored them
> > in the TPM PCRs. So that's my starting point assuming you trust all
> > the hashes inside. I don't have a requirement to do any verification
> > post-firmware yet.
> >
> > So my problem is how to securely verify those hash values against the
> > "known good ones". The know good ones are those that are provided by
> > the board vendor before product shipping and I have to trust. I am
> > trying to detect any tampering of those in the field by using TPM.
> >
> > Since I don't control the firmware, I have no way to store the know
> > good hashes (e.g for boot loader) inside a verified firmware. I can
> > certainly store them off board in a secure location. But I also heard
> > you can store them inside the TPM too.
> >
> > David
>
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
