Trusted-computing August 2011

trusted-computing@lists.fedorahosted.org

4 participants
2 discussions

Question on Trusted Boot
by Li, David 29 Aug '11

29 Aug '11

Hi, I am new to TCG. My understanding is that in SRTM BIOS itself is assumed to be trustable. It's not measured on a PC client during the boot since it's the first one being loaded and executed. But it forms the basis of chain of trustable measurements. Is this correct? What if my BIOS can't be trusted? Can I still do remote attestation of the PC client booted this way? Thanks. --- David Li Cloudshield Technologies SAIC

3 6

Question on Trusted Boot
by Kenneth Goldman 24 Aug '11

24 Aug '11

You have to be precise about whether "BIOS" means the CRTM or the rest of the BIOS after the CRTM. As you say, the CRTM has to be trusted. It's the 'core root of trust'. You have to trust that the OEM implemented it correctly, and also that the OEM protected it against software attacks. If the rest of the BIOS can't be trusted, you can still do an attestation. The remote party checks the PCRs, and it decides whether the rest of the BIOS can be trusted. trusted-computing-bounces(a)lists.fedorahosted.org wrote on 08/23/2011 08:01:05 AM: > ----- Message from "Li, David" <LiD(a)cloudshield.com> on Mon, 22 Aug > > I am new to TCG. My understanding is that in SRTM BIOS itself is > assumed to be trustable. It’s not measured on a PC client during the > boot since it’s the first one being loaded and executed. But it > forms the basis of chain of trustable measurements. Is this correct? > > What if my BIOS can’t be trusted? Can I still do remote attestation > of the PC client booted this way?

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Trusted-computing August 2011