> I sort of assumed that PCR-18 would only be present if the policy 
> verification passed, and would be different (or all 0s) when the 
> verification failed.
> This is a bit dangerous if anyone uses it.

You need to use "halt" policy.

> I think something simple like hashing "1" into it when it fails verification 
> would make it useful

If your system is compromised, how do you ensure that this actually
happens? If you use "halt" policy, the system won't boot with a tampered
kernel/initrd unless TXT is off. If TXT is off, PCR 18 will be invalid.

So my recommendation is: "halt" policy, pcr_map=da, and protect
sensitive data by sealing it against PCR 18. Unless I am overlooking
something, that should be reasonably safe.

Martin
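A toy model of the mechanism Martin recommends, added here as an illustration and not part of the thread, of tboot, or of any TPM library: PCR extend is a one-way hash chain, so a secret sealed to the PCR 18 value recorded by a trusted launch cannot be unsealed when the initrd differs, or when TXT is off and PCR 18 never leaves its reset value. The "SRK", the PCR reset value, the component images and the XOR-based seal are all constructed stand-ins; tboot's actual PCR layout under pcr_map=da and the real TPM seal/unseal commands are not modelled.

```python
import hashlib
import hmac

# Constructed toy values. A real TPM never exposes its sealing key, and the
# reset value of a dynamic PCR is only modelled here, not taken from any spec.
SRK = hashlib.sha256(b"constructed toy SRK, not a real key").digest()
PCR_RESET = b"\x00" * 32  # modelled reset value of PCR 18 (SHA-256 bank)

GOOD_KERNEL = b"vmlinuz (constructed good image)"
GOOD_INITRD = b"initrd (constructed good image)"
TAMPERED_INITRD = b"initrd (constructed tampered image)"
SECRET = b"constructed-luks-key-material"  # <= 32 bytes for the toy seal


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new = H(old || H(measurement)).

    The chain is order-dependent and one-way: no later extend can bring a PCR
    back to an earlier value, which is what makes the PCR usable as a policy.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_launch(components, txt_enabled=True) -> bytes:
    """Model the PCR 18 value a boot ends up with.

    With TXT enabled each component is extended in order. With TXT off there
    is no measured launch, so nothing extends PCR 18 and it stays at its
    reset value, which is the 'PCR 18 will be invalid' case from the thread.
    """
    pcr18 = PCR_RESET
    if not txt_enabled:
        return pcr18
    for image in components:
        pcr18 = pcr_extend(pcr18, image)
    return pcr18


def seal(secret: bytes, pcr18: bytes) -> dict:
    """Bind `secret` to one PCR 18 value (toy seal, not TPM2_Create).

    The key material is derived from the PCR value, so a different PCR 18
    yields a different key and the ciphertext is useless without the right
    measurements. The expected digest is stored so unseal can refuse early.
    """
    assert len(secret) <= 32, "toy seal handles at most one hash block"
    key = hmac.new(SRK, b"seal|" + pcr18, hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, key))
    return {"pcr18": pcr18, "ciphertext": ciphertext}


def unseal(blob: dict, pcr18_now: bytes):
    """Return the secret only if the current PCR 18 matches the sealed one."""
    if not hmac.compare_digest(blob["pcr18"], pcr18_now):
        return None  # policy mismatch: tampered measurement or no launch
    key = hmac.new(SRK, b"seal|" + pcr18_now, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], key))


def demo() -> dict:
    """Provision once against a trusted launch, then try three boots."""
    trusted = measured_launch([GOOD_KERNEL, GOOD_INITRD])
    blob = seal(SECRET, trusted)
    return {
        # Same kernel and initrd, TXT on: PCR 18 matches, secret is released.
        "good": unseal(blob, measured_launch([GOOD_KERNEL, GOOD_INITRD])),
        # Modified initrd: a different hash enters the chain, unseal fails.
        "tampered": unseal(blob, measured_launch([GOOD_KERNEL, TAMPERED_INITRD])),
        # TXT off: PCR 18 never extended, stays at reset, unseal fails.
        "txt_off": unseal(
            blob, measured_launch([GOOD_KERNEL, GOOD_INITRD], txt_enabled=False)
        ),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:9s} -> {'released' if result else 'refused'}")
```

The model shows why sealing rather than "hashing 1 on failure" is the robust choice: the sealed blob is protected by the PCR value itself, not by any action the booted (and possibly compromised) system must remember to take.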

_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
