On Wed, Nov 12, 2014 at 5:43 PM, Luigi Semenzato <[email protected]>
wrote:

> On Wed, Nov 12, 2014 at 1:37 PM, John D. Ramsdell <[email protected]>
> wrote:
> > David Li <[email protected]> writes:
> >
> >> Can an attacker easily change or swap these hash values inside the TPM
> >> if he has the root privilege?
> >
> > The scenario I described is designed to allow remote parties to detect
> > an OS image that has been modified by the adversary.  The scenario
> > assumes we trust everything up to and including the boot loader, as
> > it is what places values in the PCRs.  Suppose the adversary knows the
> > provisioned set of PCR hashes, and has inserted code into the OS image.
>
> Forgive my curiosity, but how would one use the PCR in this situation?
> Just getting its value with TPM_PCRRead does not seem secure, because
> the application would have to trust that the kernel is returning the actual
> value stored in the TPM, and not making it up, which it might do
> if it is compromised (by inserting code into the OS image).
>
I think there might be two aspects of the issue.

My understanding is first the OS reporting PCR values has to be trustable.
It's typically on a separate machine in a secure site or a specially built
kernel image stored on a tamper-proof card that can be plugged in when
necessary.

Secondly the PCR values would be reported back together with a signature
signed by the AIK (private key) inside the TPM so the secure OS can verify
it.

These two conditions combined would allow a user to verify the reporting.
>
> > To remain undetected, when the adversary's code is executed, the
> > adversary would like to replace the PCR values measured by the boot
> > loader with ones in the provisioned set.  The TPM is designed to prevent
> > this attack.  When one extends a PCR, one computes the hash of the
> > current value and the new value, and places that hash in the PCR.
> > Because of the hashing, it is improbable that the adversary can extend the
> > PCR with a value that would reproduce the provisioned value.
> >
> > There are ways to remove the BIOS and the boot loader from the list of
> > trusted components.  Intel's TXT hardware, and AMD's equivalent provide a
> > means by which the hardware measures software used in the early boot
> > process.
> >
> > John
> >
> >
> ------------------------------------------------------------------------------
> > Comprehensive Server Monitoring with Site24x7.
> > Monitor 10 servers for $9/Month.
> > Get alerted through email, SMS, voice calls or mobile push notifications.
> > Take corrective actions from your mobile device.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk
> > _______________________________________________
> > TrouSerS-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/trousers-users
>
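The two mechanisms the thread relies on, the one-way PCR extend and an AIK-signed quote checked by a remote party, as an added example that is not code from any poster in this thread or from the TrouSerS project. It models a TPM 1.2 PCR (SHA-1, 20 bytes) and stands in for the TPM's AIK with a freshly generated RSA key; the boot component images, nonces, and the `quoteDigest` layout are constructed simplifications (real quotes sign a TPM_QUOTE_INFO structure over a PCR composite), and every function name here is the example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// Digest is a TPM 1.2 PCR value: a 20-byte SHA-1 hash.
type Digest [20]byte

// pcrExtend models TPM_Extend: PCR = SHA1(PCR || measurement).
// The old value is hashed in, so every earlier extend shapes the result;
// a PCR can only be extended, never overwritten with a chosen value.
func pcrExtend(pcr, measurement Digest) Digest {
	h := sha1.New()
	h.Write(pcr[:])
	h.Write(measurement[:])
	var out Digest
	copy(out[:], h.Sum(nil))
	return out
}

// measureBoot replays a boot chain into one PCR: the PCR is zero after
// reset and each component's hash is extended in order.
func measureBoot(components [][]byte) Digest {
	var pcr Digest
	for _, c := range components {
		pcr = pcrExtend(pcr, Digest(sha1.Sum(c)))
	}
	return pcr
}

// quoteDigest is a simplified stand-in for TPM_QUOTE_INFO: the signed
// message binds the verifier's nonce to the PCR value (assumed layout).
func quoteDigest(nonce []byte, pcr Digest) Digest {
	h := sha1.New()
	h.Write(nonce)
	h.Write(pcr[:])
	var out Digest
	copy(out[:], h.Sum(nil))
	return out
}

// tpmQuote models TPM_Quote: the TPM signs the PCR value it actually holds
// with the AIK private key, which never leaves the chip. The OS supplies
// the nonce but cannot choose the PCR value that gets signed.
func tpmQuote(aik *rsa.PrivateKey, nonce []byte, pcrInTPM Digest) ([]byte, error) {
	d := quoteDigest(nonce, pcrInTPM)
	return rsa.SignPKCS1v15(rand.Reader, aik, crypto.SHA1, d[:])
}

// verifyQuote is the remote party's check: the signature must verify under
// the AIK public key over the nonce it issued and the reported PCR value,
// and that value must equal the provisioned golden value.
func verifyQuote(pub *rsa.PublicKey, nonce []byte, reported Digest, sig []byte, golden Digest) bool {
	d := quoteDigest(nonce, reported)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, d[:], sig); err != nil {
		return false
	}
	return reported == golden
}

// Outcome records what the verifier concludes in each case from the thread.
type Outcome struct {
	HonestAccepted bool // unmodified image, genuine quote
	TamperDetected bool // modified kernel, genuine quote over the real PCR
	SpoofDetected  bool // modified kernel reports the golden value from a faked PCR read
	ReplayDetected bool // modified kernel replays an older genuine quote under a fresh nonce
	ExtendRestores bool // does one more extend turn the tampered PCR back into the golden one?
}

// runScenario provisions a golden PCR from a constructed boot chain and
// plays each case against the verifier.
func runScenario() (Outcome, error) {
	var o Outcome
	aik, err := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the TPM's AIK
	if err != nil {
		return o, err
	}
	// Constructed component images; real ones would be BIOS, boot loader, kernel.
	good := [][]byte{[]byte("bios-v1"), []byte("bootloader-v1"), []byte("kernel-v1")}
	bad := [][]byte{[]byte("bios-v1"), []byte("bootloader-v1"), []byte("kernel-v1+implant")}
	golden := measureBoot(good)
	tampered := measureBoot(bad)
	nonce1 := []byte("verifier-nonce-0001") // constructed; real nonces are random
	nonce2 := []byte("verifier-nonce-0002")

	sig1, err := tpmQuote(aik, nonce1, golden) // honest boot
	if err != nil {
		return o, err
	}
	sig2, err := tpmQuote(aik, nonce2, tampered) // tampered boot: TPM signs the real PCR
	if err != nil {
		return o, err
	}
	o.HonestAccepted = verifyQuote(&aik.PublicKey, nonce1, golden, sig1, golden)
	o.TamperDetected = !verifyQuote(&aik.PublicKey, nonce2, tampered, sig2, golden)
	// A compromised kernel can lie about TPM_PCRRead, but the only signature it
	// has covers the real value, so the golden value plus sig2 fails to verify.
	o.SpoofDetected = !verifyQuote(&aik.PublicKey, nonce2, golden, sig2, golden)
	// Replaying the honest quote fails because it was bound to nonce1.
	o.ReplayDetected = !verifyQuote(&aik.PublicKey, nonce2, golden, sig1, golden)
	// Extend is one-way: feeding the golden value back in does not restore it.
	o.ExtendRestores = pcrExtend(tampered, golden) == golden
	return o, nil
}

func main() {
	o, err := runScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The verifier side is where the trust question in the thread is settled: it never trusts the kernel's PCR read at all, only a signature the TPM produced over the value it holds, under a nonce the verifier chose. Without the nonce check, `ReplayDetected` would be false, which is why real attestation protocols always include freshness.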