Hello everyone,

I don't know if this is the best place to post my question, but I'll try.

I'm studying the TPM chip in Trusted/Secure boot for my internship.
I read some pages from

https://prosec.trust.rub.de/trusted_grub_details.html#howdoesitwork

about the implementation of Trusted GRUB, and I think that is what I'm looking for.
I have a few questions for you about how it works and how I have to use it.
I am using Kubuntu, and I have the GRUB loader and the Intel TPM chip version 1.2.
The chip already has an Endorsement Key, so I don't have to create it.

First list of questions:
The steps of your Trusted GRUB are:

- After the reset, the processor loads the BIOS. (Question: in this step, does the CPU call the TPM to measure the BIOS?)

- The BIOS executes the POST (Power-On Self-Test) to ensure that every component is OK, then measures the first part of GRUB, stage 1 in the Master Boot Record. (Question: is it the BIOS that calls it, or is it the TPM that, in the first step, controls stage 1 after the BIOS measurement?) If it has the same digest as the one stored in PCR 4, it passes the test, so the BIOS loads it and transfers execution to it.

- Stage 1 measures the digest of stage 2 part 1 (why does stage 2 have two parts? I don't understand), stored somewhere on the hard disk, and if it is the same as the one stored in PCR 8, it passes the test and is loaded.

- Stage 2 part 1 measures stage 2 part 2, and if it passes the test, it is loaded and control is transferred to it.

- Stage 2 part 2 shows the different O.S. installed and lets the user select what he wants to load. After that, it measures the SHA-1 of the kernel of the selected O.S. with its initrd and modules (all together, right?), and if it is the same as the one stored in PCR 14, it transfers control to the O.S.

- Optional: stage 2 can measure the SHA-1 of some files that I need to be trusted (example: /etc/passwd), and it compares the digest with the one stored in PCR 13. (And if I have more than one file, does it compare the digest of all files together with the one present in some PCR? Which one?)

- Trusted GRUB has finished.
    
Are all these steps always repeated at every boot?
When does the TPM ask for the PubEK? And how does it use it? Does it use it to encrypt the SHA-1 result that is sent to the TPM? If so, does the TPM decrypt the SHA-1 and compare it to the one that it has stored previously? What does it return? How does Trusted GRUB understand that everything is OK?

How do I have to store the SHA-1 of stage 1, stage 2 part 1, part 2 and so on in the PCRs? When do I have to do it? In the loaded O.S., with some application that can communicate with the TPM to set it up?

I tried to install your patch, but I have gcc 4.1 and 3.4 installed. I read that I need 3.X, so how can I use gcc version 3.X?

That's all.

Please help me.
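
The measurement chain listed in this message, modelled in software as an added example (not part of the original post and not TrustedGRUB code): on a TPM 1.2, a measurement is recorded by extending a PCR, PCR_new = SHA1(PCR_old || SHA1(data)). The PCR indices (4, 8, 14, 13) are the ones named in the post; the component bytes, labels and the second file name are constructed placeholders.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds exactly one SHA-1 digest


class SoftPCRBank:
    """Software model of TPM 1.2 PCRs (not a driver for a real chip)."""

    def __init__(self, count=24):
        self.pcrs = [bytes(PCR_SIZE) for _ in range(count)]  # all zeros after reset
        self.log = []  # measurement log: (pcr index, label, digest hex)

    def extend(self, index, label, data):
        digest = hashlib.sha1(data).digest()
        # A PCR is never overwritten: the new value folds in the old one.
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        self.log.append((index, label, digest.hex()))


def boot(components):
    """Measure each component, in boot order, into its PCR."""
    bank = SoftPCRBank()
    for index, label, data in components:
        bank.extend(index, label, data)
    return bank


def replay(log):
    """Verifier side: recompute the PCR values a measurement log implies."""
    pcrs = {}
    for index, _label, digest_hex in log:
        old = pcrs.get(index, bytes(PCR_SIZE))
        pcrs[index] = hashlib.sha1(old + bytes.fromhex(digest_hex)).digest()
    return pcrs


# Constructed sample data; PCR indices are the ones named in the post.
GOOD = [
    (4, "stage 1 (MBR)", b"constructed stage1 bytes"),
    (8, "stage 2 part 1", b"constructed stage2 bytes"),
    (14, "kernel + initrd", b"constructed kernel bytes"),
    (13, "/etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n"),
    (13, "/etc/hosts", b"127.0.0.1 localhost\n"),  # hypothetical second file
]
TAMPERED = [c if c[0] != 14 else (14, c[1], c[2] + b"!") for c in GOOD]

if __name__ == "__main__":
    good, bad = boot(GOOD), boot(TAMPERED)
    for i in (4, 8, 13, 14):
        state = "same" if good.pcrs[i] == bad.pcrs[i] else "CHANGED"
        print(f"PCR {i:2}: {good.pcrs[i].hex()}  tampered boot: {state}")
```

Because both files extend PCR 13 in sequence, its final value depends on every file measured and on the order in which they were measured.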
