On Wed, Nov 12, 2014 at 1:37 PM, John D. Ramsdell <[email protected]> wrote:
> David Li <[email protected]> writes:
>
>> Can an attacker easily change or swap these hash values inside the TPM
>> if he has the root privilege?
>
> The scenario I described is designed to allow remote parties to detect
> an OS image that has been modified by the adversary. The scenario
> assumes we trust everything up to and including the boot loader, as
> it is what places values in the PCRs. Suppose the adversary knows the
> provisioned set of PCR hashes, and has inserted code into the OS image.

Forgive my curiosity, but how would one use the PCR in this situation? Just getting its value with TPM_PCRRead does not seem secure, because the application would have to trust that the kernel is returning the actual value stored in the TPM, and not making it up, which it might do if it is compromised (by inserting code into the OS image).

> To remain undetected, when the adversary's code is executed, the
> adversary would like to replace the PCR values measured by the boot
> loader with ones in the provisioned set. The TPM is designed to prevent
> this attack. When one extends a PCR, one computes the hash of the
> current value and the new value, and places that hash in the PCR.
> Because of the hashing, it is improbable that the adversary can extend the
> PCR with a value that would reproduce the provisioned value.
>
> There are ways to remove the BIOS and the boot loader from the list of
> trusted components. Intel's TXT hardware, and AMD's equivalent provide a
> means by which the hardware measures software used in the early boot
> process.
>
> John
>
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
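The extend rule John describes, and the replay check a remote verifier performs against it, as an added example that is not part of the thread or of TrouSerS. It assumes a TPM 1.2 style 20-byte SHA-1 PCR that resets to zero at boot, and the boot component names and contents are constructed stand-ins, not real image hashes.

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that start at all zeros after reset.
PCR_INIT = bytes(20)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = SHA-1(old PCR || SHA-1(measured data)).
    The old value is folded into the hash, so the register depends on every
    value ever extended and on their order; it cannot be set directly."""
    digest = hashlib.sha1(measurement).digest()
    return hashlib.sha1(pcr + digest).digest()


def replay_log(event_log) -> bytes:
    """What a remote verifier does: replay the measurement log from the
    reset value and recompute the PCR the platform should be holding."""
    pcr = PCR_INIT
    for _name, data in event_log:
        pcr = pcr_extend(pcr, data)
    return pcr


def check_attestation(reported_pcr: bytes, event_log, provisioned) -> bool:
    """Accept only if the log replays to the reported PCR and that PCR is one
    of the provisioned (known-good) values."""
    return reported_pcr == replay_log(event_log) and reported_pcr in provisioned


def attempt_restore(tampered_log, provisioned, extra_measurements) -> bool:
    """Model the attacker in the thread: the OS is already running on a
    tampered PCR and tries further extends (even with the genuine
    measurements) to land back on a provisioned value."""
    pcr = replay_log(tampered_log)
    for m in extra_measurements:
        pcr = pcr_extend(pcr, m)
        if pcr in provisioned:
            return True
    return False


# Constructed sample boot sequence (stand-in contents, not real images).
GOOD_BOOT = [("bootloader", b"grub-2.02"),
             ("kernel", b"vmlinuz-3.16"),
             ("initrd", b"initrd.img-3.16")]
TAMPERED_BOOT = [GOOD_BOOT[0], ("kernel", b"vmlinuz-3.16+inserted-code"), GOOD_BOOT[2]]
PROVISIONED = {replay_log(GOOD_BOOT)}
```

Ordering matters as much as content: replaying the same three measurements in a different order also yields a PCR outside `PROVISIONED`.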
