2011/7/18 Denys Vlasenko <dvlasenk@xxxxxxxxxx>:
> On Thu, 2011-06-23 at 18:15 +0200, Miloslav Trmač wrote:
>> The TPM allows verifying that this kernel (and only this kernel) is
>> actually running. An attacker with access to the hard drive ("evil
>> maid") can modify the code to disable any signature check that would
>> be done in software (e.g. inside grub); TPM cannot be bypassed this
>> way.
>
> How is this possible? The kernel was somehow installed. TPM was informed
> about it (I don't know, sha hash was written into a flash
> which is physically in the processor?).

I'm not quite sure how the installation procedure is supposed to work -
however, in the end, a hash that represents the "right" system is
stored in the TPM. Cryptographic keys that are stored in the TPM are
then bound to this hash, and accessible only when the booting system
matches this hash.

> Why attacker with physical access to the computer
> can't install his tampered kernel and save its hash?

Once the cryptographic keys are bound to a specific hash, the attacker
cannot access them without booting a system that matches this hash. An
attacker cannot boot a different system and then change the hash to
which the key is bound.
   Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
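
The binding described in the message above, as an added example that is not part of the original thread: a simplified Python model of a TPM 1.2 style PCR (SHA-1 extend) with a key sealed to the PCR value of the untampered boot chain. `ToyTPM`, `boot` and `demo` are hypothetical names, the component byte strings are constructed sample data, and the sealed secret is kept in a dictionary here rather than in an encrypted blob.

```python
import hashlib
import hmac
import os

class ToyTPM:
    """Simplified model of one PCR plus seal/unseal; not a real TPM interface."""
    def __init__(self):
        self._pcr = bytes(20)
        self._sealed = {}  # handle -> (required PCR value, secret); survives reboots

    def reset(self):
        self._pcr = bytes(20)  # only a platform reset returns the PCR to zero

    def extend(self, component):
        # The only way software can change the PCR: new = SHA1(old || SHA1(component)).
        measurement = hashlib.sha1(component).digest()
        self._pcr = hashlib.sha1(self._pcr + measurement).digest()
        return self._pcr

    def seal(self, handle, secret, required_pcr):
        self._sealed[handle] = (required_pcr, secret)

    def unseal(self, handle):
        required_pcr, secret = self._sealed[handle]
        # The secret is released only if the current PCR equals the bound value.
        return secret if hmac.compare_digest(required_pcr, self._pcr) else None

def boot(tpm, chain):
    # Model a reboot: reset the PCR, then measure each component in boot order.
    tpm.reset()
    pcr = bytes(20)
    for component in chain:
        pcr = tpm.extend(component)
    return pcr

def demo():
    good = [b"constructed bootloader", b"constructed kernel"]        # sample data
    evil = [b"constructed bootloader", b"constructed kernel+patch"]  # sample data
    tpm = ToyTPM()
    key = os.urandom(32)
    tpm.seal("disk-key", key, boot(tpm, good))   # binding done at installation time
    boot(tpm, evil)                              # the modified kernel gets measured
    after_tamper = tpm.unseal("disk-key") is not None
    for component in good:                       # further extends cannot undo that
        tpm.extend(component)
    after_replay = tpm.unseal("disk-key") is not None
    boot(tpm, good)                              # untampered boot chain
    return after_tamper, after_replay, tpm.unseal("disk-key") == key
```

`demo()` returns whether the key was released after the tampered boot, after replaying the good measurements on top of it, and after a clean boot.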