TPM chip and Grub bootloader

TPM chip and Grub bootloader

[karmo]

hi
i want to program Grub to use the TPM chip to load certified Operating
System (like windows or redhat, it doesn't matter....but perhaps i will use
a redhat versione).
can you give me documents about how to do this?
thanks

ps sorry for my scholastic english ;)
-- 
View this message in context: http://www.nabble.com/TPM-chip-and-Grub-bootloader-tf3808785.html#a10779735
Sent from the Grub - Dev mailing list archive at Nabble.com.

Re: TPM chip and Grub bootloader

[Julien Ranc]

[-- Attachment #1: Type: text/plain, Size: 971 bytes --]

There already exist a patched version of Grub (not Grub 2, as far as I
know), named TrustedGrub, available at this address :
http://www.prosec.rub.de/trusted_grub.html

I never tried it though, so I won't be able to assist you in using it.

Hope that helps.

2007/5/24, karmo <myfreneticvisions-grub@yahoo.it>:
>
>
> hi
> i want to program Grub to use the TPM chip to load certified Operating
> System (like windows or redhat, it doesn't matter....but perhaps i will
> use
> a redhat versione).
> can you give me documents about how to do this?
> thanks
>
> ps sorry for my scholastic english ;)
> --
> View this message in context:
> http://www.nabble.com/TPM-chip-and-Grub-bootloader-tf3808785.html#a10779735
> Sent from the Grub - Dev mailing list archive at Nabble.com.
>
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel
>



-- 
Julien RANC
julien.ranc@gmail.com

[-- Attachment #2: Type: text/html, Size: 1615 bytes --]

Re: TPM chip and Grub bootloader

[Robert Millan]

On Thu, May 24, 2007 at 01:41:31AM -0700, karmo wrote:
> 
> hi
> i want to program Grub to use the TPM chip to load certified Operating
> System (like windows or redhat, it doesn't matter....but perhaps i will use
> a redhat versione).
> can you give me documents about how to do this?

Is that related to Digital Restriction Management?  (just curious)

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com.  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.

Re: TPM chip and Grub bootloader

[Patrick Georgi]

Robert Millan schrieb:
> On Thu, May 24, 2007 at 01:41:31AM -0700, karmo wrote:
>> hi
>> i want to program Grub to use the TPM chip to load certified Operating
>> System (like windows or redhat, it doesn't matter....but perhaps i will use
>> a redhat versione).
>> can you give me documents about how to do this?
> 
> Is that related to Digital Restriction Management?  (just curious)
The TPM trust chain has multiple uses, somewhat related to each other:
1. bind executables to a system state (as defined by a hash over BIOS 
image, boot loader, kernel, a set of drivers, ...)
2. bind the keystore in the TPM chip to that system state

As so often, it can be used for, and against the user. Binding certain 
data to a machine (eg. certificates) and making it non-trivial to get at 
them.
The bad side is that the system state lock means some kind of lock-in 
(read your encrypted data on two different systems on the same machine? 
well, they lead to different system states, so the keys you need aren't 
available).

it also didn't help in the early state of TPM, that some media industry 
chills "proposed" lots of "extensions" to the basic TPM model that would 
make a media player intrusion proof (right in front of the press that 
took their wet dreams at face value and part of the specs), and that 
some misleading and downright wrong papers by opponents (the infamous 
"tcpa faq") became popular.


Patrick Georgi

Re: TPM chip and Grub bootloader

[Bruno Wolff III]

On Fri, May 25, 2007 at 11:06:49 +0200,
  Patrick Georgi <patrick@georgi-clan.de> wrote:
> 
> As so often, it can be used for, and against the user. Binding certain 
> data to a machine (eg. certificates) and making it non-trivial to get at 
> them.

And the way to tell is who has the keys that are stored on the TPM chip.
If it is use, then things are good. If it is someone else, then things
are bad.

Re: TPM chip and Grub bootloader

[Jerone Young]

There are some patches floating around in the world for grub1 to use
TPM. Actually you can find it here:

http://sourceforge.net/projects/trustedgrub/

It is still being kept up as there was a release this month. This
would be a good project to look at, if you have not already.

On 5/24/07, karmo <myfreneticvisions-grub@yahoo.it> wrote:
>
> hi
> i want to program Grub to use the TPM chip to load certified Operating
> System (like windows or redhat, it doesn't matter....but perhaps i will use
> a redhat versione).
> can you give me documents about how to do this?
> thanks
>
> ps sorry for my scholastic english ;)
> --
> View this message in context: http://www.nabble.com/TPM-chip-and-Grub-bootloader-tf3808785.html#a10779735
> Sent from the Grub - Dev mailing list archive at Nabble.com.
>
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel
>

Re: TPM chip and Grub bootloader

[Robert Millan]

On Fri, May 25, 2007 at 11:06:49AM +0200, Patrick Georgi wrote:
> 
> As so often, it can be used for, and against the user.

Do these chips support so-called "owner override" ?  If they don't, then
this tool contains logic specificaly designed to be used _against_ the user,
and your argument that "it can be used for good or bad" doesn't hold:  It is
not like a hammer, it's like a gun.

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com.  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.

Re: TPM chip and Grub bootloader

[Robert Millan]

On Fri, May 25, 2007 at 10:11:03AM -0500, Bruno Wolff III wrote:
> On Fri, May 25, 2007 at 11:06:49 +0200,
>   Patrick Georgi <patrick@georgi-clan.de> wrote:
> > 
> > As so often, it can be used for, and against the user. Binding certain 
> > data to a machine (eg. certificates) and making it non-trivial to get at 
> > them.
> 
> And the way to tell is who has the keys that are stored on the TPM chip.
> If it is use, then things are good. If it is someone else, then things
> are bad.

That's a missconception.  It's not the fact that a CA has a master key that
makes this system a threat, it's the fact that when someone else has that
key, there's no way for the owner to use physical access to become the root
of the trust chain and make his own computer sign anything he wants.

IOW, no matter who the keys belong to, the problem is there's a component in
the hardware I paid for that is hostile to me, which contains keys that I
cannot retrieve (good, because of security), and refuses to use the keys on
anything I want it to (bad, because it's inherently an abusive tool).

That, of course, unless owner override feature is present.  Then it's a whole
different story.

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com.  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.

Re: TPM chip and Grub bootloader

[Stefan Reinauer]

* Robert Millan <rmh@aybabtu.com> [070530 15:18]:
> IOW, no matter who the keys belong to, the problem is there's a component in
> the hardware I paid for that is hostile to me, which contains keys that I
> cannot retrieve (good, because of security), and refuses to use the keys on
> anything I want it to (bad, because it's inherently an abusive tool).

You do not need a TPM based system. Todays BIOSes prohibit flashing
anything not signed by the vendor using SMI and hardware lockdown
mechanisms. You are locked out already, even though you might not care
or know yet.

Stefan

-- 
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
      Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info@coresystems.de  • http://www.coresystems.de/

Re: TPM chip and Grub bootloader

[Patrick Georgi]

Robert Millan schrieb:
> IOW, no matter who the keys belong to, the problem is there's a component in
> the hardware I paid for that is hostile to me, which contains keys that I
> cannot retrieve (good, because of security), and refuses to use the keys on
> anything I want it to (bad, because it's inherently an abusive tool).
As far as I know, this mechanism doesn't prevent you from creating 
another root. (or just deleting the old one)
Not to speak of that it isn't (again afaik) in use or even implemented 
yet - though I'm unsure about that last part (implementation), as I 
didn't look too deep into the mud created by those in the media industry 
that tried to coerce the TCG into implementing their wet dream of an 
ultimately locked down consumer world.


Patrick Georgi

Re: TPM chip and Grub bootloader

[Robert Millan]

On Thu, May 31, 2007 at 12:45:10PM +0200, Patrick Georgi wrote:
> As far as I know, this mechanism doesn't prevent you from creating 
> another root. (or just deleting the old one)

No, but it stablishes a practice that it is ok to use someone else's root.

When everyone starts doing this (and they WILL do this since someone else
will take the decision for them), that practice will become standard, then
I am being labeled as "not clear" by omission if I insist in using my own
root instead of someone else's.

An example: if a website requires that you must use Internet Explorer to view
it, and uses a TPM scheme to get clients to prove they're using IE, there's
nothing I can do to visit this website, other than using IE.  Before Treacherous
Computing, such kind of lockdown was impossible to accomplish.

I don't deny that this technology could be oriented towards legitimate uses,
becoming Trusted Computing rather than Treacherous.  But this may only come
when everyone stops the pretension that a TPM system that can be used with
someone else's root and doesn't provide any backdoor for owner with physical
access is indeed agnostic about good and evil.  We'll see that when they
start selling preconfigured TPMs where root belongs to a mallicious 3rd
party (if they aren't doing that already).

-- 
Robert Millan

My spam trap is honeypot@aybabtu.com.  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.

Re: TPM chip and Grub bootloader

[Marco Gerards]

Stefan Reinauer <stepan@coresystems.de> writes:

> * Robert Millan <rmh@aybabtu.com> [070530 15:18]:
>> IOW, no matter who the keys belong to, the problem is there's a component in
>> the hardware I paid for that is hostile to me, which contains keys that I
>> cannot retrieve (good, because of security), and refuses to use the keys on
>> anything I want it to (bad, because it's inherently an abusive tool).
>
> You do not need a TPM based system. Todays BIOSes prohibit flashing
> anything not signed by the vendor using SMI and hardware lockdown
> mechanisms. You are locked out already, even though you might not care
> or know yet.

That sounds terrible.  How do you deal with this for LinuxBIOS?
--
Marco

Re: TPM chip and Grub bootloader

[Stefan Reinauer]

* Marco Gerards <mgerards@xs4all.nl> [070531 18:40]:
> > You do not need a TPM based system. Todays BIOSes prohibit flashing
> > anything not signed by the vendor using SMI and hardware lockdown
> > mechanisms. You are locked out already, even though you might not care
> > or know yet.
> 
> That sounds terrible.  How do you deal with this for LinuxBIOS?

currently by pulling the chip and writing it in an external flash
writer. But that is a bad option for the people out there without this
kind of equipment.

-- 
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
      Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info@coresystems.de  • http://www.coresystems.de/

Re: TPM chip and Grub bootloader

[Klaus Weiss]

hallo bist cool

Am Donnerstag, den 31.05.2007, 01:28 +0200 schrieb Stefan Reinauer:
> * Robert Millan <rmh@aybabtu.com> [070530 15:18]:
> > IOW, no matter who the keys belong to, the problem is there's a component in
> > the hardware I paid for that is hostile to me, which contains keys that I
> > cannot retrieve (good, because of security), and refuses to use the keys on
> > anything I want it to (bad, because it's inherently an abusive tool).
> 
> You do not need a TPM based system. Todays BIOSes prohibit flashing
> anything not signed by the vendor using SMI and hardware lockdown
> mechanisms. You are locked out already, even though you might not care
> or know yet.
> 
> Stefan
> 
-- 
GNU Maintainer (uid:klausweiss)
Free Software - Free as in Freedom

Re: TPM chip and Grub bootloader

[Klaus Weiss]

Hi, 

sorry for the last mail, my younger sister was playing with my
computer...

-- 
GNU Maintainer (uid:klausweiss)
Free Software - Free as in Freedom