Question on Trusted Boot
by Li, David
Hi,
I am new to TCG. My understanding is that in SRTM BIOS itself is assumed to be trustable. It's not measured on a PC client during the boot since it's the first one being loaded and executed. But it forms the basis of chain of trustable measurements. Is this correct?
What if my BIOS can't be trusted? Can I still do remote attestation of the PC client booted this way?
Thanks.
---
David Li
Cloudshield Technologies
SAIC
11 years, 5 months
Question on Trusted Boot
by Kenneth Goldman
You have to be precise about whether "BIOS" means the CRTM or the rest
of the BIOS after the CRTM.
As you say, the CRTM has to be trusted. It's the 'core root of trust'.
You have to trust that the OEM implemented it correctly, and also that
the OEM protected it against software attacks.
If the rest of the BIOS can't be trusted, you can still do an attestation.
The remote party checks the PCRs, and it decides whether the rest of the
BIOS can be trusted.
trusted-computing-bounces(a)lists.fedorahosted.org wrote on 08/23/2011
08:01:05 AM:
> ----- Message from "Li, David" <LiD(a)cloudshield.com> on Mon, 22 Aug
>
> I am new to TCG. My understanding is that in SRTM BIOS itself is
> assumed to be trustable. It’s not measured on a PC client during the
> boot since it’s the first one being loaded and executed. But it
> forms the basis of chain of trustable measurements. Is this correct?
>
> What if my BIOS can’t be trusted? Can I still do remote attestation
> of the PC client booted this way?
11 years, 5 months
