My $0.02,
It might be better to use the TPM to perform a "seal" operation on some key
data needed for the system to operate (that is, seal it to a known-good PCR
value). If an attacker can forge a PCR read, it's likely that s/he could also
cause the system to believe that an invalid signature is actually valid.
Regards,
Mike
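The seal-to-PCR idea above, worked through as an added example (this is not code from the thread, from TrouSerS, or from any TPM vendor). It is a toy software model of a TPM 1.2-style chip, written with the Python standard library only: a bank of 24 SHA-1 PCRs that can only be reset or extended, a TPM_PCR_COMPOSITE laid out the way TPM 1.2 does it (pcrSelect size and bitmap, valueSize, values), and a seal/unseal pair keyed off a storage secret that never leaves the "chip" plus the composite hash of the selected PCRs. The PCR indices (0, 4, 8), the component names and the sealed secret are constructed for the demonstration; the stream cipher and HMAC tag stand in for the real TPM's RSA storage-key wrapping. What the model shows is the point Mike makes: unseal is decided inside the TPM against its own PCR registers, so a forged PCR *report* handed to software changes nothing, while a tampered boot chain makes the secret unrecoverable.

```python
import hashlib
import hmac
import os
import struct

PCR_COUNT = 24
PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


class PcrBank:
    """Toy PCR bank: registers start at zero and can only be extended or reset."""

    def __init__(self):
        self.pcrs = [bytes(PCR_SIZE)] * PCR_COUNT

    def extend(self, index, measured_data):
        # TPM_Extend semantics: PCR[i] = SHA-1(PCR[i] || SHA-1(data))
        digest = hashlib.sha1(measured_data).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]


def composite_hash(pcr_values, selection):
    """SHA-1 over a TPM_PCR_COMPOSITE: sizeOfSelect, pcrSelect bitmap, valueSize, values."""
    bitmap = bytearray(3)  # 24 PCRs -> 3-byte pcrSelect
    for i in selection:
        bitmap[i // 8] |= 1 << (i % 8)
    values = b"".join(pcr_values[i] for i in sorted(selection))
    blob = struct.pack(">H", len(bitmap)) + bytes(bitmap)
    blob += struct.pack(">I", len(values)) + values
    return hashlib.sha1(blob).digest()


def _keystream(key, nonce, length):
    # Hash-counter keystream; a stand-in for the TPM's storage-key wrapping (assumption)
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:length]


class ToyTpm:
    """Minimal model: the storage secret never leaves the object; PCRs reset on reboot."""

    def __init__(self):
        self._storage_secret = os.urandom(32)  # analogue of the SRK; never exported
        self.bank = PcrBank()

    def reboot(self):
        self.bank = PcrBank()  # PCRs reset; the storage secret survives

    def _seal_key(self, composite):
        return hmac.new(self._storage_secret, b"seal" + composite, hashlib.sha256).digest()

    def seal(self, data, selection):
        # Bind the data to the PCR values present in the chip right now
        composite = composite_hash(self.bank.pcrs, selection)
        key = self._seal_key(composite)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return {"selection": sorted(selection), "composite": composite,
                "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        # The check uses the chip's own PCRs; the caller supplies no PCR values
        current = composite_hash(self.bank.pcrs, blob["selection"])
        if not hmac.compare_digest(current, blob["composite"]):
            raise PermissionError("PCR mismatch: platform state differs from seal time")
        key = self._seal_key(current)
        expected_tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected_tag, blob["tag"]):
            raise PermissionError("sealed blob corrupted")
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


def measure_boot(tpm, firmware, bootloader, kernel):
    # Constructed boot chain: each stage measures the next into a PCR (indices are illustrative)
    tpm.bank.extend(0, firmware)
    tpm.bank.extend(4, bootloader)
    tpm.bank.extend(8, kernel)


def demo():
    good = (b"firmware-1.0", b"grub-2.02", b"vmlinuz-3.16")
    secret = b"constructed-disk-key"
    selection = [0, 4, 8]
    tpm = ToyTpm()
    measure_boot(tpm, *good)
    good_pcrs = list(tpm.bank.pcrs)
    blob = tpm.seal(secret, selection)

    tpm.reboot()
    measure_boot(tpm, *good)
    unsealed_after_good_boot = tpm.unseal(blob) == secret

    tpm.reboot()
    measure_boot(tpm, b"firmware-1.0", b"tampered-grub", b"vmlinuz-3.16")
    try:
        tpm.unseal(blob)
        unsealed_after_tampered_boot = True
    except PermissionError:
        unsealed_after_tampered_boot = False

    # An attacker who controls the OS can *report* the known-good composite to a verifier...
    forged_report = composite_hash(good_pcrs, selection)
    forged_report_matches_seal = forged_report == blob["composite"]
    # ...but the chip still unseals against its real registers, so the forgery buys nothing
    try:
        tpm.unseal(blob)
        unsealed_with_forged_report = True
    except PermissionError:
        unsealed_with_forged_report = False

    return {"good_boot": unsealed_after_good_boot,
            "tampered_boot": unsealed_after_tampered_boot,
            "forged_report_matches_seal": forged_report_matches_seal,
            "forged_report_unseals": unsealed_with_forged_report}


if __name__ == "__main__":
    print(demo())
```

The useful contrast is the last two results: the forged report is byte-for-byte the composite the verifier expects, which is exactly the attack Mike describes against a software-side PCR check, yet the unseal still fails because the decision never leaves the chip. A real deployment would seal with the TSS (Tspi_Data_Seal in TrouSerS) and a storage key under the SRK rather than this HMAC model, and should also seal to a PCR selection that covers every stage an attacker could substitute.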
From: David Li <[email protected]>
Date: Wednesday, November 12, 2014 at 7:24 PM
To: Luigi Semenzato <[email protected]>
Cc: trousers-users <[email protected]>, "[email protected]" <[email protected]>
Subject: Re: [TrouSerS-users] System boot integrity check with TPM
I think there might be two aspects of the issue.
My understanding is first the OS reporting PCR values has to be trustable. It's
typically on a separate machine in a secure site or a specially built kernel
image stored on a tamper-proof card that can be plugged in when necessary.
Secondly the PCR values would be reported back together with a signature signed
by the AIK (private key) inside the TPM so the secure OS can verify it.
These two conditions combined would allow a user to verify the reporting.
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users