Pritha,
If you have a trustworthy means of putting measurements into PCRs at boot time,
you only need a TPM quote to attest to the fact that a kernel with the correct
measurements has been booted. To determine if a target machine should be
trusted, an appraiser sends a nonce to the target machine, and the target
machine generates a quote based on the nonce and the specified PCRs. The
appraiser can validate the quote based on data gathered at provisioning time.
You might find this procedure an easier means to validate a kernel as the
appraisal is performed off platform.
John
From: Pritha Ganguly <[email protected]>
Date: Monday, March 6, 2017 at 12:18 AM
To: Tadd Seiff <[email protected]>, "[email protected]"
<[email protected]>
Subject: Re: [TrouSerS-users] Re : About resetting TPM PCRs on reboot;
Hi Tadd,
Actually I wanted to use TPM for secure boot feature.
I'm not able to understand how the lower PCRs can be used for the same if they
are not getting reset to their default values.
Here's what I have understood about how to use the PCRs for secure boot. Please
correct me if I'm wrong.
For example at the bootloader stage, I want to allow only trusted kernel image
to boot the system. These are the steps that can be followed ( Reference :
https://www.sec.in.tum.de/assets/Backup/Studentenworks/finished/lorenz2012.pdf
page 41-44) :-
Initialization step :
1. The hash of the kernel image is stored in memory - hash(kernel_old).
2. A 20 byte random number - a secret is generated by the TPM and it's stored
in the NVRAM which is write and password protected.
3. X = hash(hash(kernel_old) || secret) is calculated.
4. PCR 1 is extended with X.
5. Now X is sealed with PCR1 and the sealed blob is stored in memory.
Verification step (after system reboot at bootloader stage) :
1. The secret is read from the NVRAM location by giving the password.
2. The hash of the kernel image to be loaded is generated - hash(kernel_new)
and as in step 3 of the initialization step, X' = hash(hash(kernel_new)||
secret) is calculated.
3. PCR 1 is extended with X'.
3. If the PCR configurations match then only the sealed blob obtained in step 5
of initialization step i.e X can be unsealed.
4. If unsealing is possible, then X is obtained.
5. If X == X', then only the kernel image is allowed to load and boot else the
boot process halts.
Now my query is, if I've already extended PCR 1 during initialization step and
it fails to reset to it's default value on reboot, how can I use PCR1 for
unseal operation in the verification stage?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users
