I see the ver 1.0 Virtualized Trusted Platform Architecture Specification has just been
published. Given that this is fairly new, are there any open source implementations or
activities focusing on this effort?
---
David Li
Cloudshield Technologies
SAIC
From: trusted-computing-bounces(a)lists.fedorahosted.org
[mailto:trusted-computing-bounces@lists.fedorahosted.org] On Behalf Of George Wilson
Sent: Tuesday, September 27, 2011 9:47 AM
To: Li, David
Cc: Lee Wilson; trusted-computing(a)lists.fedorahosted.org
Subject: Re: [Trusted-computing] TPM measurement during a PXEboot
Hi David,
It is being worked on now. If you are a TCG member, you should be able to get access to a
draft. Adding Lee Wilson on copy as he chairs that WG.
Regards,
George Wilson
IBM Linux Technology Center
Security Architect & Team Lead
512-286-9271
From: "Li, David" <LiD@cloudshield.com>
Sent by: trusted-computing-bounces@lists.fedorahosted.org
Sent: 09/27/2011 10:21 AM
To: "Cihula, Joseph" <joseph.cihula@intel.com>, "trusted-computing@lists.fedorahosted.org" <trusted-computing@lists.fedorahosted.org>
Subject: Re: [Trusted-computing] TPM measurement during a PXEboot
I searched TCG and it’s not obvious to me. Is there a TCG standard on DRTM?
---
David Li
Cloudshield Technologies
SAIC
Tel. 408-212-9265 (work)
650-224-3891 (cell)
From: Cihula, Joseph [mailto:joseph.cihula@intel.com]
Sent: Tuesday, September 27, 2011 12:00 AM
To: Li, David; trusted-computing@lists.fedorahosted.org
Subject: RE: TPM measurement during a PXEboot
You could try a dynamic root of trust, which can be initiated from a PXE-booted image and
won’t depend on whether the PXE ROM measures it or not.
Joe
From: trusted-computing-bounces@lists.fedorahosted.org
[mailto:trusted-computing-bounces@lists.fedorahosted.org] On Behalf Of Li, David
Sent: Monday, September 26, 2011 5:08 PM
To: trusted-computing@lists.fedorahosted.org
Subject: [Trusted-computing] TPM measurement during a PXEboot
I know the spec (TCG EFI Platform Spec v1.2) doesn’t explicitly mention what to do in a
PXEBoot regarding kernel image TPM measurement. Sounds like this should fall into the
general category of kernel measurement into PCR4 and 5. Now in my case, this is a gray
area in reality. Typically PXEboot is handled by the PXE ROM in a NIC card and not by the
motherboard BIOS. What if the main BIOS does its job but has to stop at the PXE ROM while
the PXE ROM doesn’t measure the loader and kernel image at all? In other words, if my
chain of trust stops (or breaks) at the PXE ROM, is there any other way to solve this
problem?
Thanks.
---
David Li
Cloudshield Technologies
SAIC
_______________________________________________
Trusted-computing mailing list
Trusted-computing@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/trusted-computing
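
The measurement gap raised in the original question, as an added example that is not part of the thread: a small Python model of the TPM 1.2 extend operation, PCR_new = SHA1(PCR_old || SHA1(data)), replayed over a boot chain in which the PXE ROM either does or does not measure the next stage. The stage names, the sample images, and the use of a single PCR in place of the PCR 4 and 5 mentioned in the question are assumptions made for illustration.

```python
import hashlib

def extend(pcr: bytes, data: bytes) -> bytes:
    # TPM 1.2 extend operation: PCR_new = SHA1(PCR_old || SHA1(data))
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def boot(chain, measures_next):
    """Replay a boot chain against one simulated PCR.

    chain: ordered (name, image) pairs; each stage hands off to the next.
    measures_next: names of stages that measure their successor before running it.
    Returns (final PCR, event log, stages that ran without being measured).
    """
    pcr, log, unmeasured = bytes(20), [], []
    for (name, _), (nxt, image) in zip(chain, chain[1:]):
        if name in measures_next:
            pcr = extend(pcr, image)
            log.append((nxt, hashlib.sha1(image).hexdigest()))
        else:
            unmeasured.append(nxt)
    return pcr, log, unmeasured

def replay(log):
    # What a verifier does: recompute the PCR from the event log digests.
    pcr = bytes(20)
    for _, digest in log:
        pcr = hashlib.sha1(pcr + bytes.fromhex(digest)).digest()
    return pcr

# Constructed sample images (placeholders, not real firmware or kernels).
def chain_with(kernel: bytes):
    return [("bios", b"BIOS"), ("pxe_rom", b"NIC PXE option ROM"),
            ("loader", b"network boot loader"), ("kernel", kernel)]

KERNEL_A, KERNEL_B = b"kernel build A", b"kernel build B"
FULL = {"bios", "pxe_rom", "loader"}  # every stage measures the next one
GAP = {"bios"}                        # chain of trust stops at the PXE ROM

def demo():
    return {
        "full_differs": boot(chain_with(KERNEL_A), FULL)[0] != boot(chain_with(KERNEL_B), FULL)[0],
        "gap_identical": boot(chain_with(KERNEL_A), GAP)[0] == boot(chain_with(KERNEL_B), GAP)[0],
        "gap_unmeasured": boot(chain_with(KERNEL_A), GAP)[2],
    }

if __name__ == "__main__":
    print(demo())
```

With the gap, the final PCR value is the same whichever kernel was loaded, so a verifier comparing PCR values cannot tell the two boots apart.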