On Sat, Apr 23, 2016 at 02:57:55PM +0200, Kevin Kofler wrote:
> Matthew Garrett wrote:
> > Measured boot is a process whereby each component in the boot chain
> > "measures" the next component. In the TPM 1.x world (which is where most
> > of us still are), that measurement is in the form of a SHA1 hash of the
> > next component. So, on a BIOS system, the firmware measures itself, the
> > firmware measures its configuration, the firmware measures any option
> > ROMs on plugin cards, the firmware measures the MBR of the disk, the MBR
> > measures the grub stage 1, the grub stage 1 measures the grub stage 2,
> > the grub stage 2 measures the kernel and so on.
>
> Yet another Treacherous Computing "feature" that nobody needs!

I need to know if somebody has modified my firmware.

> > Remote attestation is a mechanism by which a remote machine can request
> > (but not compel) another machine to provide evidence of the PCR state.
> > The TPM provides a signed bundle of information including the PCR values
> > and the event log, and the remote machine verifies that the signature
> > corresponds to the key it expected to see.
>
> How does the remote machine know that what is answering is a physical TPM
> and not a software emulation? Does it need to have the individual TPM's
> public key in advance?

Three ways:

1) If you only care that it's *a* TPM, you validate the certificate chain
   from the endorsement key and ensure that it chains back to an
   intermediate certificate corresponding to a TPM vendor
2) If you care that it's a specific TPM, yes, you need to know the public
   key in advance
3) If you fall into (1) but it's socially unacceptable for you to demand a
   specific TPM key because that's a uniquely identifiable piece of data
   about the machine, you use a trusted privacy CA that validates (1) and
   then issues a new certificate

In the general case, (1) is unacceptable for privacy reasons. (3) is
impractical because nobody has actually built the privacy CA
infrastructure.

As a result, remote attestation is only practical in constrained corporate
environments, not those where there's a risk to individual freedom.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
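The measurement chain and the verifier-side check described in the thread, as an added example that is not part of the original message or of any TPM software: it folds the whole BIOS chain into a single SHA-1 PCR (real firmware spreads the stages over several PCRs), uses constructed stage images, and assumes the signature on the quote has already been checked against the expected TPM key, so only the PCR/event-log consistency and the known-good comparison are shown.

```python
import hashlib

# Added example, not from the thread. One SHA-1 PCR stands in for the several
# a BIOS really uses; stage names and image contents are constructed data.
PCR_INIT = b"\x00" * 20   # a TPM 1.x PCR is 20 zero bytes at power-on

GOOD_CHAIN = [("firmware", b"bios v1.0"), ("fw-config", b"boot order=hd0"),
              ("option-rom", b"nic oprom"), ("mbr", b"grub mbr"),
              ("grub-stage1", b"stage1"), ("grub-stage2", b"stage2"),
              ("kernel", b"vmlinuz-4.5")]
# Same chain, but the firmware image has been altered.
TAMPERED_CHAIN = [("firmware", b"bios v1.0+modified")] + GOOD_CHAIN[1:]

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: the only way a PCR changes is new = SHA1(old || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def boot(chain):
    """Each stage hashes the next, extends the PCR and appends to the event
    log. Returns (final PCR, event log of (stage, digest))."""
    pcr, log = PCR_INIT, []
    for name, image in chain:
        digest = hashlib.sha1(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log) -> bytes:
    """Recompute the PCR value the event log claims to describe."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(quoted_pcr: bytes, log, golden: dict) -> bool:
    """Verifier side (quote signature assumed already checked): the log must
    replay to the quoted PCR, and every logged digest must be a known-good
    value for that stage."""
    if replay(log) != quoted_pcr:
        return False              # log and PCR disagree: log was edited
    return all(golden.get(name) == d for name, d in log)

def golden_from(chain) -> dict:
    """Known-good digests the verifier was provisioned with."""
    return {name: hashlib.sha1(image).digest() for name, image in chain}

if __name__ == "__main__":
    golden = golden_from(GOOD_CHAIN)
    print("good boot accepted:", verify(*boot(GOOD_CHAIN), golden))      # True
    print("modified fw accepted:", verify(*boot(TAMPERED_CHAIN), golden))  # False
```

Because every later extend chains on the earlier PCR value, a change to the firmware image alters the final PCR even though every stage after it is untouched, which is exactly the property the reply relies on.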