TPM & disk crypto

[Kuehn, Ulrich]

> From: Ivan Krstić [mailto:krstic at solarsail.hcs.harvard.edu] 
> Kuehn, Ulrich wrote:
> > Who is "we"? In the case of my own system I payed for (so 
> speaking for 
> > myself) I would like to have such a mechanism to have the 
> system prove 
> > to me before login that it is not tampered with. The TCG 
> approach does 
> > not provide this.
> 
> What does "prove" mean here? Does having a hash of the system 
> state for visual inspection before boot do it?
> 
Well, reliably obtaining the end of a hash chain would do, but it would be very inconvenient to compare that manually (visually) to a hash written on a piece of paper in my wallet. That is not user-friendly. However, if the system provided a possibility to reliably stop the boot process when something is changed, that would do.

With reliably stopping the boot process I mean the following: Given that stage i of the process is running, it takes the hash of the next stage, compares that to an expected value. If they match, the current stage extends the TPM register (when also running the TCG stuff), and executes the next stage. If the computed and expected hashes do not match, the machine goes into a predetermined halt state. 

Predetermined means that the system administrator (on behalf of the system owner) can determine the expected hash value. 

I hope this makes it clear what I meant in the text quoted above. 

To implement this the TCG-preBIOS would need to implement this halt state, possibly along with some other additional features like where to store the expected hashes etc.

Cheers,
Ulrich

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com