Re: Trusted Boot in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Matthew Garrett <mjg59 <at> srcf.ucam.org> writes:

> ... 
> http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed 
> feature for F16.
> ...

Hi,

there will be some posts on Fedora users and testers lists, so please take
a look.

http://lists.fedoraproject.org/pipermail/users/2011-June/400539.html

http://lists.fedoraproject.org/pipermail/test/2011-June/100976.html

In the meantime, I got access to this mailing list, so all is well :-)

I have done some inventory on this topic, and have some questions.

The Intel Trusted Platform consists of two components:
- Trusted Platform Module (TPM) chip
  A hardware component, consisting of cryptographic processor and secure
  memory.
- Trusted Boot 
  A software component, open-source and partially close-source (?) components,
  in Fedora packages.
  # yum install tboot
  Installing:
  tboot            i686         20110429-1.fc15     fedora         355 k
  Installing for dependencies:
  trousers         i686         0.3.6-1.fc15        fedora         279 k

Trusted Boot is a mechanism by which a pre-kernel/VMM module (that uses Intel
Trusted Execution Technology (Intel TXT)) performs a measured (pre-identified)
and verified launch of an OS kernel/VMM.

First, the obvious questions.

Why do you need Trusted Boot mechanism to ensure that identified and origin-
verified Linux kernel is booted ?
Why signing a kernel (a la GPG) is not good enough to verify its origin at
boot time ?

Now, regarding the Trusted Boot solution.

The obvious question:
why does an open-source distro like Fedora (but also Red Hat) want to
philosophically accept and technically support this solution ?

Will the TPM allow a third party remote access to the machine ?

Will the TPM be BIOS-configurable (enable/disable) by the user (hardware
owner) ?
If so, how will that impact the kernel selection in boot process (tboot
enable/disable) ?

How is that tboot blob module secured from tampering ?
By the virtue of beeing associated with the "root of trust" ?

If the Launch Control Policy can be created and modified by the user, then
what prevents an attacker from impersonating the usersysadmin, modifying
the policy, and causing a denial-of-boot or unintended-boot attack ?

There is more that this project implements (root of trust, etc).

Ref: tcsd(8)
Can that "root of trust" be compromised by TSS applications or any other
means (e.g. through tools provided by this project) ?

...
Ref: tcsd(8)
DEVICE DRIVERS
       tcsd is compatible with the IBM Research TPM device driver available
       from http://www.research.ibm.com/gsal/tcpa and the TPM device driver
       available from http://sf.net/projects/tmpdd

Are these drivers open-source ? Is TPM device driver open-source ?
 
JB


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux