Re: [Trusted-computing] Question on Trusted Boot

Hi Stephen, >> >> >> I am new to TCG. My understanding is that in SRTM BIOS itself is >> assumed to be trustable. It’s not measured on a PC client during the >> boot since it’s the first one being loaded and executed. But it forms >> the basis of chain of trustable measurements. Is this correct? > >It is measured, but at least the initial component (e.g. BIOS boot >block) can't be measured by an independent entity and thus must be trusted >as the core root of trust for measurement (CRTM).  The CRTM measures itself >and the rest of BIOS among other things into PCR-0.  In some >implementations, the CRTM may be the entire BIOS; in others, it may be just >the BIOS boot block. > >> What if my BIOS can’t be trusted?  Can I still do remote attestation >> of the PC client booted this way? > >Can you define what you mean by "can't be trusted"?  What's your threat >model?  If you can't trust the static CRTM, then you should use DRTM instead, >e.g. Intel TXT (actually, that's preferable in general if your hardware supports >it).  But even there you will have some residual vulnerability to SMM and thus >a dependency on the BIOS until STMs are available. > [Li, David] My threat model has to assume an attacker can gain physical access to the motherboard and reflash the BIOS.  That's why I worry about using TPM to ensure a trusted boot. I am aware of TXT (not in a detailed way). But what's STM? Any pointers? >-- >Stephen Smalley >National Security Agency _______________________________________________ Trusted-computing mailing list Trusted-computing(a)lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/trusted-computing