Trusted Boot in Fedora

Denys Vlasenko dvlasenk at redhat.com
Mon Jul 18 15:29:07 UTC 2011


On Thu, 2011-06-23 at 18:15 +0200, Miloslav Trmač wrote:
> On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd at gmail.com> wrote:
> > I have done some inventory on this topic, and have some questions.
> I'm not really an expert on this... Hopefully someone will correct my mistakes.
> 
> > Why do you need Trusted Boot mechanism to ensure that identified and origin-
> > verified Linux kernel is booted ?
> > Why signing a kernel (a la GPG) is not good enough to verify its origin at
> > boot time ?
> The TPM allows verifying that this kernel (and only this kernel) is
> actually running.  An attacker with access to the hard drive ("evil
> maid") can modify the code to disable any signature check that would
> be done in software (e.g. inside grub); TPM cannot be bypassed this
> way.

How is this possible? The kernel was somehow installed. The TPM was informed
about it (I don't know, a SHA hash was written into flash
which is physically in the processor?).

Why can't an attacker with physical access to the computer
install his tampered kernel and save its hash?

-- 
vda
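Added illustration, not part of the thread and not real TPM code: a toy model of the measured-boot mechanism Miloslav is describing, showing why the attacker in the question cannot simply "save the hash". The model assumes the TPM 1.2 rules that a PCR starts at zero on platform reset and has no write operation, only a one-way extend (new = SHA1(old || SHA1(data))), and that a secret sealed to a PCR value is released only while the PCR holds exactly that value. The ToyTpm class, its storage key, and the firmware/grub/kernel blobs are all constructed for this example.

```python
"""Toy model of TPM measured boot: PCR extend chain plus sealing.

Constructed for illustration only; the TPM, its key and the boot
blobs are made up. The PCR rules follow TPM 1.2 (20-byte SHA-1 PCRs,
extend-only update, reset only on platform reset).
"""
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def pcr_reset() -> bytes:
    """PCRs start at all zeros and only return there on a platform reset."""
    return b"\x00" * PCR_SIZE


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """The only way to change a PCR: new = SHA1(old || SHA1(data)).

    There is no 'write', so a value can be neither chosen nor restored;
    it can only be pushed further along a one-way chain.
    """
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


def measure_boot_chain(stages) -> bytes:
    """Each stage measures the next one into the PCR before running it."""
    pcr = pcr_reset()
    for blob in stages:
        pcr = pcr_extend(pcr, blob)
    return pcr


def _keystream(key: bytes, n: int) -> bytes:
    """Counter-mode stream from SHA-256, just to make the toy seal encrypt."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


class ToyTpm:
    """Stand-in for the sealing part of a TPM (constructed, not hardware)."""

    def __init__(self):
        # In a real chip this key never leaves the TPM; here it is a constant.
        self._srk = b"constructed-storage-root-key"

    def _wrap_key(self, pcr: bytes) -> bytes:
        # The wrapping key depends on the PCR value the secret is bound to.
        return hmac.new(self._srk, pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr_policy: bytes) -> dict:
        """Needs the plaintext secret, so only whoever holds it can (re)seal."""
        ks = _keystream(self._wrap_key(pcr_policy), len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        return {"pcr_policy": pcr_policy, "ciphertext": ct}

    def unseal(self, blob: dict, current_pcr: bytes):
        """Release the secret only if the PCR currently holds the sealed value."""
        if not hmac.compare_digest(blob["pcr_policy"], current_pcr):
            return None
        ks = _keystream(self._wrap_key(current_pcr), len(blob["ciphertext"]))
        return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))


# Constructed boot components (contents are placeholders, not real images).
FIRMWARE = b"constructed: firmware / core root of trust for measurement"
GRUB_GOOD = b"constructed: grub stage2 with signature check"
GRUB_PATCHED = GRUB_GOOD.replace(b"with", b"without")  # evil maid edits grub
KERNEL_GOOD = b"constructed: vmlinuz, distro build"
KERNEL_EVIL = KERNEL_GOOD + b" + evil-maid patch"


def demo() -> dict:
    tpm = ToyTpm()
    # At install time the owner seals a secret to the known-good boot chain.
    good_pcr = measure_boot_chain([FIRMWARE, GRUB_GOOD, KERNEL_GOOD])
    blob = tpm.seal(b"disk-encryption-key", good_pcr)

    results = {"good_pcr": good_pcr}
    # Honest reboot: same chain, same PCR, secret is released.
    results["good"] = tpm.unseal(blob, measure_boot_chain([FIRMWARE, GRUB_GOOD, KERNEL_GOOD]))
    # Tampered disk: firmware still measures what it actually runs, PCR differs.
    evil_pcr = measure_boot_chain([FIRMWARE, GRUB_PATCHED, KERNEL_EVIL])
    results["evil_pcr"] = evil_pcr
    results["evil"] = tpm.unseal(blob, evil_pcr)
    # "Saving the good hash" afterwards only extends the chain further.
    results["evil_then_good"] = tpm.unseal(blob, pcr_extend(evil_pcr, KERNEL_GOOD))
    return results


if __name__ == "__main__":
    r = demo()
    print("good boot unseals:", r["good"])
    print("tampered boot unseals:", r["evil"])
    print("tampered then 'saved' good hash:", r["evil_then_good"])
```

Two things the model makes visible. The PCR is updated by the stage that runs before the measured component (firmware measures grub, grub measures the kernel), so editing files on the disk changes what gets measured, not who measures it; and since the chain is one-way, an attacker who has already booted a patched grub cannot steer the PCR back to the good value by extending any further data. Re-sealing to the attacker's own chain would also need the plaintext secret, which is exactly what stays locked. The model does assume the firmware's initial measurement code is itself intact; protecting that piece is what the hardware root of trust is for.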
