TPM & disk crypto
Travis H.
solinym at gmail.com
Thu Oct 5 18:52:46 EDT 2006
On 10/5/06, Erik Tews <erik at debian.franken.de> wrote:
> First, you need a system with tpm. I assume you are running linux. Then
> you boot your linux-kernel and an initrd using the trusted grub
> bootloader. Your bios will report the checksum of trusted grub to the
> tpm before giving control to your grub bootloader. Your grub bootloader
> will then report the checksum of your kernel and your initrd to the tpm
> before giving control to them.
Awesome, that's incredibly useful information.
I had not heard of trusted grub. Thanks!
> One thing you should know is, that a tpm can never find out, if a
> software meets some specifications, like does not have an buffer
> overflow or does not execute code from the network or so. You just can
> check is has not been altered.
Of course. However, you can sandbox x86 code efficiently:
http://www.usenix.org/events/sec06/tech/mccamant/mccamant_html/index.html
--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list