TPM & disk crypto

Thread: TPM & disk crypto

Search this list only Search all lists
TPM & disk crypto
	2006-10-05 22:52:46
On 10/5/06, Erik Tews <erikdebian.franken.de> wrote: > First, you need a system with tpm. I assume you are running linux. Then > you boot your linux-kernel and an initrd using the trusted grub > bootloader. Your bios will report the checksum of trusted grub to the > tpm before giving control to your grub bootloader. Your grub bootloader > will then report the checksum of your kernel and your initrd to the tpm > before giving control to them. Awesome, that's incredibly useful information. I had not heard of trusted grub. Thanks! > One thing you should know is, that a tpm can never find out, if a > software meets some specifications, like does not have an buffer > overflow or does not execute code from the network or so. You just can > check is has not been altered. Of course. However, you can sandbox x86 code efficiently: http://www.usenix.org/events/sec06/tech /mccamant/mccamant_html/index.html -- Enhance your calm, fellow citizen; it's just ones and zeroes. Unix "guru" for rent or hire -><- http://www.li ghtconsulting.com/~travis/ GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

TPM & disk crypto
	2006-10-06 22:52:21
There are a few more things to know about TPM (I've been playing with it recently, and the scars have not healed yet). First, very few systems, mostly laptops, support it. The only server platform I found that supports it is the IBM eSeries 366, and even then, its BIOS does not have support for it (hence, no support for authenticated booting (if you want to know the difference between authenticated and secure booting, it's explained in the trusted-grub page). Much of the software is still work-in-progress. Fortunately, the people working on it are incredibly helpful. The documentation of the spec is atrocious. It's a 700-page document written in some vague approximation of English, with no rhyme or reason to its structure. If you have more specific questions and don't want to bother the whole list, send me e-mail. /ji ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )