TPM & disk crypto

Erik Tews erik at debian.franken.de
Thu Oct 5 17:51:49 EDT 2006


On Thursday, 05.10.2006, at 16:25 -0500, Travis H. wrote:
> On 10/2/06, Erik Tews <erik at debian.franken.de> wrote:
> > On Sunday, 01.10.2006, at 23:42 -0500, Travis H. wrote:
> > > Anyone have any information on how to develop TPM software?
> >                      http://tpm4java.datenzone.de/
> > Using this lib, you need less than 10 lines of java-code for doing some
> > simple tpm operations.
> 
> Interesting, but not what I meant.  I want to program the chip to verify
> that the BIOS, boot sector, root partition conform to *my* specification.
> 
> I don't want binary-only hardware-enforced vendor lock-in, that went out
> of fashion with the mainframe and proprietary data[base] formats.

You can do that (at least in theory).

First, you need a system with tpm. I assume you are running linux. Then
you boot your linux-kernel and an initrd using the trusted grub
bootloader. Your bios will report the checksum of trusted grub to the
tpm before giving control to your grub bootloader. Your grub bootloader
will then report the checksum of your kernel and your initrd to the tpm
before giving control to them.

After your kernel has booted and given control to your initrd, you can
checksum your root-partition (or do something similar, like just
checking if there are setuid binaries or checksum just your shadow-file)
and report that to the tpm using a little java-application and tpm4java.

Later, you can remotely query your system and get a report of what has been
booted on your system. You can do this query using a java application
and tpm4java.

All applications like linux, grub, tpm4java are open source (you will
need a java-vm, there are some open source vms, you should be able to
use with tpm4java). The only thing which is not open source is the bios
and the exact hardware design of your tpm chip in your pc.

One thing you should know is that a tpm can never find out if a piece of
software meets some specification, like not having a buffer
overflow or not executing code from the network or so. You can just
check that it has not been altered.
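
The chain of measurements described in the message above, simulated in Python as an added example (not part of the original post and not tpm4java code). It assumes the TPM 1.2 extend rule, PCR_new = SHA-1(PCR_old || digest); the PCR indices, component names and image bytes are constructed, and no real TPM or signed quote is involved.

```python
import hashlib

PCR_RESET = b"\x00" * 20  # TPM 1.2 PCRs hold a 20-byte SHA-1 value, zero after reset

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, taken before control is handed to it."""
    return hashlib.sha1(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: a PCR can only be folded forward, never set directly."""
    return hashlib.sha1(pcr + digest).digest()

def boot(chain):
    """Simulate the boot: each stage measures the next one and extends a PCR.
    chain: list of (pcr_index, name, blob). Returns (pcrs, event_log)."""
    pcrs, log = {}, []
    for index, name, blob in chain:
        digest = measure(blob)
        pcrs[index] = extend(pcrs.get(index, PCR_RESET), digest)
        log.append((index, name, digest))
    return pcrs, log

def verify(reported_pcrs, log, policy):
    """Verifier side: replay the log, compare it with the reported PCRs, then
    compare each logged digest with the owner's own known-good values.
    Returns a list of problems; an empty list means 'unaltered'."""
    problems, replayed = [], {}
    for index, name, digest in log:
        replayed[index] = extend(replayed.get(index, PCR_RESET), digest)
        if policy.get(name) != digest:
            problems.append(f"{name}: digest not in policy")
    if replayed != reported_pcrs:
        problems.append("event log does not match reported PCR values")
    return problems

# Constructed sample data: stand-ins for real images; PCR indices are arbitrary.
GOOD_CHAIN = [(4, "grub", b"trusted grub image"),
              (8, "kernel", b"vmlinuz bytes"),
              (8, "initrd", b"initrd bytes"),
              (10, "shadow", b"root:$1$constructed$hash:13426:0:::::\n")]
# The owner's own specification: digests of the components they chose to trust.
POLICY = {name: measure(blob) for _, name, blob in GOOD_CHAIN}
```

A clean result only says that the measured bytes match the policy; a kernel with a buffer overflow that is in the policy still verifies.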