On Mon, Jan 07, 2019 at 09:25:55PM -0800, Mat wrote: Good day again.
> So, what is the criterion to implement Secure boot or Trusted boot. > Where are the instructions to implement either? What are some > minimum pre-requisites on existing Router (say) to implement either. As I noted in my previous e-mail, the most fundamental issue is hardware support for either Secure Boot or TXT. If you choose to use Secure Boot I doubt if your routers are running Windows so you will need to install a platform key that you hold the private key for. You will use that private key to sign whatever operating system image you will be booting. There are any number of resources available on the WEB that describe how to create and install a custom platform key. Implementing TXT is a bit more involved. At a minimum you need to reconfigure the boot process to use tboot as the primary kernel image and to specify the kernel as a multiboot module along with its initrd/initramfs image as an additional module. This will produce a system that boots the kernel into a known hardware state. You will, at a minimum, want to have a Launch Policy (LP) that specifies the desired signature (hash) of the kernel to verify the kernel that booted is the one you wanted to boot. A more sophisticated implementation will also want to include verification of a hardware quote over TPM based Platform Configuration Registers (PCR's) that verify a known state of the hardware/firmware that the known kernel image is booting into. As I mentioned in my previous e-mail, all of this gets you to a point where you have a known operating system image running. Verifying the ongoing status of the platform requires that an integrity verification architecture be built upon this root of trust. The Linux Integrity Measurement Architecture (IMA) is built to sit on top of a TXT based boot and provide hardware based integrity logging. I haven't looked at the code in a while but I believe there has been some work to link the integrity chain it provides to a Secure Boot root of trust as well. In order to implement a competent security statement there has to be some type of attestation by an external verifying party as to the state of the integrity logs. In either the case of TXT or Secure Boot, a correct solution involves more then invoking some instructions or commands. Constructing a high security assurance platform requires a fair amount of platform engineering and architecture expertise. Personally I don't think it is the domain of standard Linux distributions given how large and complex they have become. Hopefully the above information is helpful. Dr. Greg As always, Dr. Greg Wettstein, Ph.D, Worker IDfusion, LLC 4206 N. 19th Ave. Implementing measured information privacy Fargo, ND 58102 and integrity architectures. PH: 701-281-1686 FAX: 701-281-3949 EMAIL: g...@idfusion.org ------------------------------------------------------------------------------ "I can only provide the information, I can't make you hear it." -- Shelley Bainter _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel