[go: up one dir, main page]
|
|
Log in / Subscribe / Register

The Integrity Measurement Architecture

The Integrity Measurement Architecture

Posted May 28, 2005 19:03 UTC (Sat) by Ross (guest, #4065)
In reply to: The Integrity Measurement Architecture by jamesm
Parent article: The Integrity Measurement Architecture

Presumably you would just lie to the hardware that does the checksums. It
has no way to verify what you tell it is valid and will end up signing bad
data. Normally this wouldn't be possible because untrusted code isn't
allowed to run, and even if it did, it would corrupt the secret state
information. All bets are off when the untrusted code is in charge from the
start. But maybe I misunderstand.

to post comments

The Integrity Measurement Architecture

Posted Jun 2, 2005 8:51 UTC (Thu) by emj (guest, #14307) [Link]

Since you start loading the PCRs when you use GRUB you can be assured that the boot block where grub resides is ok and that the kernel that GRUB loads is ok.

But it all hangs on the weakest link during startup, if you manage to crack the bootup process to insert your own code then: Yes you can fool TCPA/TPM. But as long as you can load the kernel and there's no root exploit in it, you will have a verifiable environment.

The TCPA chip of course rely alot on the human administrating the computer. You need to lock it down alot to make this work.

The measurement taken

Posted Jun 2, 2005 8:53 UTC (Thu) by emj (guest, #14307) [Link]

These are the steps when booting:

http://www.research.ibm.com/secure_systems_department/pro...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds