On Mon, 2011-08-22 at 17:08 -0700, Li, David wrote:
Hi,
I am new to TCG. My understanding is that in SRTM BIOS itself is
assumed to be trustable. It’s not measured on a PC client during the
boot since it’s the first one being loaded and executed. But it forms
the basis of chain of trustable measurements. Is this correct?
It is measured, but at least the initial component (e.g. BIOS boot
block) can't be measured by an independent entity and thus must be
trusted as the core root of trust for measurement (CRTM). The CRTM
measures itself and the rest of BIOS among other things into PCR-0. In
some implementations, the CRTM may be the entire BIOS; in others, it may
be just the BIOS boot block.
What if my BIOS can’t be trusted? Can I still do remote attestation
of the PC client booted this way?
Can you define what you mean by "can't be trusted"? What's your threat
model? If you can't trust the static CRTM, then you should use DRTM
instead, e.g. Intel TXT (actually, that's preferable in general if your
hardware supports it). But even there you will have some residual
vulnerability to SMM and thus a dependency on the BIOS until STMs are
available.
--
Stephen Smalley
National Security Agency