* how does trusted grub work
@ 2007-10-04 13:11 myfreneticvisions-grub
2007-10-04 21:00 ` Robert Millan
2007-10-23 10:09 ` help installing grub-ima myfreneticvisions-grub
0 siblings, 2 replies; 11+ messages in thread
From: myfreneticvisions-grub @ 2007-10-04 13:11 UTC (permalink / raw)
To: grub-devel
Hello everyone,
I don't know if this is the best place to post my question... whatever, I'll try...
I'm studying the TPM chip in Trusted/Secure boot for my internship!
I read some pages from
https://prosec.trust.rub.de/trusted_grub_details.html#howdoesitwork
about the implementation of Trusted GRUB and I think that is what I'm looking for!
I have a few questions for you about how it works and how I have to use it!
I am using Kubuntu, I have the GRUB loader and the Intel TPM chip version 1.2.
The chip already has an Endorsement Key, so I don't have to create it!
1st list of questions:
The steps of your Trusted GRUB are:
- After the reset, the processor loads the BIOS (question: in this step, does the CPU call the TPM to measure the BIOS?)
- The BIOS executes the POST (Power On Self Test) to ensure that all components are OK, then measures the first part of GRUB, the stage 1 in the Master Boot Record (question: is it the BIOS that calls it, or is it the TPM that in the first step controls the stage 1 after the BIOS measurement?); if it has the same digest as the one stored in PCR 4 it passes the test, so the BIOS loads it and transfers execution to it
- The stage 1 measures the digest of stage 2 part 1 (why does the stage 2 have two parts? I don't understand...) stored somewhere on the hard disk, and if it is the same as the one stored in PCR 8 it passes the test and is loaded
- The stage 2 part 1 measures the stage 2 part 2, and if it passes the test it will be loaded and control is transferred to it
- Stage 2 part 2 shows the different O.S. installed and lets the user select what he wants to load; after that it measures the SHA1 of the kernel of the selected O.S. with its initrd and modules (all together, right?) and if it is the same as the one stored in PCR 14 it transfers control to the O.S.
- Optional: stage 2 can measure the SHA1 of some files that I need to be trusted (example: /etc/passwd) and it compares the digest with the one stored in PCR 13 (and if I have more than 1 file it compares the digest of all files together with the one present in some PCR... which one?)
- Trusted GRUB has finished
Are all these steps always repeated at every boot?
When does the TPM ask for the PubEK? And how does it use it? Is it used to encrypt the SHA1 result that is sent to the TPM? If so... does the TPM decrypt the SHA1 and compare it to the one that it has stored previously? What does it return? How does Trusted GRUB understand that it's all OK?
How do I have to store the SHA1 of stage1, stage2 part1, part2 and so on in the PCRs? When do I have to do it? In the loaded O.S., with some application that can communicate with the TPM to set it up?
I tried to install your patch but I have gcc 4.1 and 3.4 installed; I read that I need 3.X... so... how can I use gcc version 3.X?
That's all...
Please... help me...
^ permalink raw reply [flat|nested] 11+ messages in thread
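Added example (not part of the thread, and not TrustedGRUB's own code): a software model of the TPM 1.2 PCR extend operation, new = SHA1(old || digest), applied to the boot chain described in the post above. A PCR cannot be set directly and nothing is compared at extend time; a verifier checks the accumulated value afterwards, for instance by replaying the event log. The PCR indexes are the ones named in the post; the component bytes and the names PcrBank, measure, boot and replay are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds exactly one SHA-1 digest


class PcrBank:
    """Software model of TPM 1.2 PCRs: zero at reset, changed only by extend."""

    def __init__(self, count=24):
        self._pcrs = [bytes(PCR_SIZE) for _ in range(count)]

    def extend(self, index, digest):
        if len(digest) != PCR_SIZE:
            raise ValueError("extend takes a 20-byte SHA-1 digest")
        # new = SHA1(old || digest): the old value is folded in, never replaced
        self._pcrs[index] = hashlib.sha1(self._pcrs[index] + digest).digest()
        return self._pcrs[index]

    def read(self, index):
        return self._pcrs[index]


def measure(bank, index, name, data, log):
    """Hash a component, extend it into a PCR and record it in the event log."""
    digest = hashlib.sha1(data).digest()
    bank.extend(index, digest)
    log.append((index, name, digest))


def boot(components):
    """Model one boot: fresh PCRs, every component measured in load order."""
    bank, log = PcrBank(), []
    for index, name, data in components:
        measure(bank, index, name, data, log)
    return bank, log


def replay(log, index):
    """Recompute the value a PCR should hold from the event log alone."""
    value = bytes(PCR_SIZE)
    for idx, _name, digest in log:
        if idx == index:
            value = hashlib.sha1(value + digest).digest()
    return value


# Constructed sample components; PCR numbers follow the post above.
GOOD_BOOT = [
    (4, "stage1", b"constructed stage1 bytes"),
    (8, "stage2 part 1", b"constructed stage2 bytes"),
    (14, "kernel", b"constructed kernel image"),
    (14, "initrd", b"constructed initrd image"),
    (13, "/etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n"),
    (13, "/etc/fstab", b"constructed second checked file\n"),
]

if __name__ == "__main__":
    good, good_log = boot(GOOD_BOOT)
    tampered = list(GOOD_BOOT)
    tampered[2] = (14, "kernel", b"constructed kernel image, patched")
    bad, _ = boot(tampered)
    for pcr in (4, 8, 13, 14):
        state = "same" if good.read(pcr) == bad.read(pcr) else "DIFFERENT"
        print(f"PCR {pcr:2}: {good.read(pcr).hex()}  tampered boot: {state}")
    print("log replay matches PCR 13:", replay(good_log, 13) == good.read(13))
```

Several files measured into one PCR are folded in one after another, so both the content and the order of the measurements determine the final value.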
* Re: how does trusted grub work
2007-10-04 13:11 how does trusted grub work myfreneticvisions-grub
@ 2007-10-04 21:00 ` Robert Millan
2007-10-23 10:09 ` help installing grub-ima myfreneticvisions-grub
1 sibling, 0 replies; 11+ messages in thread
From: Robert Millan @ 2007-10-04 21:00 UTC (permalink / raw)
To: The development of GRUB 2; +Cc: myfreneticvisions-grub
On Thu, Oct 04, 2007 at 03:11:53PM +0200, myfreneticvisions-grub@yahoo.it wrote:
> Hello everyone,
>
> I don't know if this is the best place to post my question... whatever, I'll try...
>
> I'm studying the TPM chip in Trusted/Secure boot for my internship!
> I read some pages from
>
> https://prosec.trust.rub.de/trusted_grub_details.html#howdoesitwork
>
> about the implementation of Trusted GRUB and I think that is what I'm looking for!
Hi!
"Trusted Computing" is a propaganda term, designed to make you believe you
can trust your computer when in fact so-called Trusted Computing is designed
to make your computer obey someone else. For this reason, it would be more
accurate to refer to it as Treacherous Computing, and hence Treacherous
GRUB.
A Treacherous version of GRUB would be one that refuses to obey the user, or
tells another component of the system that the user is not trusted so that it
can refuse to obey her. I'm afraid we have none of that.
For more details on what Treacherous Computing really is, see:
http://www.gnu.org/philosophy/can-you-trust.html
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* help installing grub-ima
2007-10-04 13:11 how does trusted grub work myfreneticvisions-grub
2007-10-04 21:00 ` Robert Millan
@ 2007-10-23 10:09 ` myfreneticvisions-grub
2007-10-23 12:31 ` Robert Millan
1 sibling, 1 reply; 11+ messages in thread
From: myfreneticvisions-grub @ 2007-10-23 10:09 UTC (permalink / raw)
To: The development of GRUB 2
hi
I'm trying to install grub-ima, the GRUB patch that enables it to use the TPM chip in the bootstrap.
I am following this guide
http://trousers.sourceforge.net/wiki/view/Main/GrubSetupGuide?PHPSESSID=7a414e06e77e726b71e4b90ea7bce9d9
and I have Fedora Core 7.
I reached point 2-2 (I skipped 2-1 because I think that is not my case) and when I type
# autoreconf --install --force
i have this output:
docs/Makefile.am:30: `%'-style pattern rules are a GNU make extension
docs/Makefile.am:33: `%'-style pattern rules are a GNU make extension
docs/Makefile.am:36: `%'-style pattern rules are a GNU make extension
docs/Makefile.am:3: compiling `kernel.c' with per-target flags requires `AM_PROG_CC_C_O' in `configure.ac'
/usr/share/automake-1.10/am/depend2.am: am__fastdepCCAS does not appear in AM_CONDITIONAL
/usr/share/automake-1.10/am/depend2.am: The usual way to define `am__fastdepCCAS' is to add `AM_PROG_AS'
/usr/share/automake-1.10/am/depend2.am: to `configure.ac' and run `aclocal' and `autoconf' again.
autoreconf: automake failed with exit status: 1
What is the error?
please help me!!
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 10:09 ` help installing grub-ima myfreneticvisions-grub
@ 2007-10-23 12:31 ` Robert Millan
2007-10-23 14:11 ` Andrei E. Warkentin
0 siblings, 1 reply; 11+ messages in thread
From: Robert Millan @ 2007-10-23 12:31 UTC (permalink / raw)
To: The development of GRUB 2
On Tue, Oct 23, 2007 at 12:09:55PM +0200, myfreneticvisions-grub@yahoo.it wrote:
> hi
> I'm trying to install grub-ima, the GRUB patch that enables it to use the TPM chip in the bootstrap.
> I am following this guide
We don't support Treacherous Computing because it's against the ideals of
freedom we are trying to defend. You should know that this "TPM chip" you're
trying to get working is in fact purposely designed so that you can make your
whole OS stack treacherous and prove to others that it has been set up this way.
If you want to learn more about Treacherous Computing and why we object to it,
please see:
http://www.gnu.org/philosophy/can-you-trust.html
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 12:31 ` Robert Millan
@ 2007-10-23 14:11 ` Andrei E. Warkentin
2007-10-23 20:17 ` Robert Millan
0 siblings, 1 reply; 11+ messages in thread
From: Andrei E. Warkentin @ 2007-10-23 14:11 UTC (permalink / raw)
To: The development of GRUB 2
...Because having the ability, to be certain you didn't have a
hypervirus or at runtime-binary-patched kernel booted due to a hacked
bootloader loading from something like a USB stick, is one step
towards "treacherous computing", whatever that is.
I think the SELinux people might object to that. One of the biggest
problems with security in Linux is that the Linux kernel is not and
cannot be the core root of trust, as it is by far not the first thing
running and is not located on unmodifiable medium.
Man, those write-once read-many system-measurement registers are just
one step closer to losing the right to read, right? Or maybe to
actually be in control of your system from power-on to shell prompt?
Andrei Evgenievich Warkentin
andrey.warkentin@gmail.com
Cell: (+1) (847) 321-15-55
On 23.10.2007, at 7:31, Robert Millan wrote:
> On Tue, Oct 23, 2007 at 12:09:55PM +0200, myfreneticvisions-grub@yahoo.it wrote:
>> hi
>> I'm trying to install grub-ima, the GRUB patch that enables it to
>> use the TPM chip in the bootstrap.
>> I am following this guide
>
> We don't support Treacherous Computing because it's against the ideals of
> freedom we are trying to defend. You should know that this "TPM chip" you're
> trying to get working is in fact purposely designed so that you can make your
> whole OS stack treacherous and prove to others that it has been set up this way.
>
> If you want to learn more about Treacherous Computing and why we object to it,
> please see:
>
> http://www.gnu.org/philosophy/can-you-trust.html
>
> --
> Robert Millan
>
> <GPLv2> I know my rights; I want my phone call!
> <DRM> What use is a phone call, if you are unable to speak?
> (as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 14:11 ` Andrei E. Warkentin
@ 2007-10-23 20:17 ` Robert Millan
2007-10-23 20:31 ` Robert Millan
2007-10-23 21:21 ` Andrei E. Warkentin
0 siblings, 2 replies; 11+ messages in thread
From: Robert Millan @ 2007-10-23 20:17 UTC (permalink / raw)
To: The development of GRUB 2
On Tue, Oct 23, 2007 at 09:11:58AM -0500, Andrei E. Warkentin wrote:
> ...Because having the ability, to be certain you didn't have a
> hypervirus or at runtime-binary-patched kernel booted due to a hacked
> bootloader loading from something like a USB stick, is one step
> towards "treacherous computing", whatever that is.
If you had any of the situations described, you wouldn't be able to trust
the APIs you use to access the Treacherous Chip at all. The funny thing is
that third parties would [1], but not you.
[1] Well, assuming our hypervirus is not dumb, they would just see that
your computer lacks a Treacherous Chip or is not using it, which is
not very useful. But of course, this has an easy solution:
- Premise: everyone who's not on TC is therefore running a hypervirus
- Consequence: let the witch hunt begin! :-)
> I think the SELinux people might object to that. One of the biggest
> problems with security in Linux is that the Linux kernel is not and
> cannot be the core root of trust, as it is by far not the first thing
> running and is not located on unmodifiable medium.
How can you trust your BIOS if you can't even read its source code, let
alone verify it was built from it?
> Man, those write-once read-many system-measurement registers are just
> one step closer to losing the right to read, right?
It's obvious that with computers being general-purpose machines, they cannot
take away basic rights. TC is specifically designed [1] to take away these
rights and turn them into concessions.
[1] Yes, really. If you disagree, please explain why the Owner Override
proposal (http://www.linuxjournal.com/article/7055) was rejected.
> Or maybe to
> actually be in control of your system from power-on to shell prompt?
Being in control is not the same as trusting someone else who claims to be.
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 20:17 ` Robert Millan
@ 2007-10-23 20:31 ` Robert Millan
2007-10-23 20:50 ` Robert Millan
2007-10-23 21:21 ` Andrei E. Warkentin
1 sibling, 1 reply; 11+ messages in thread
From: Robert Millan @ 2007-10-23 20:31 UTC (permalink / raw)
To: The development of GRUB 2
Please don't take me wrong, I don't mean to say that everything the TCG
has produced is encumbered by evilness. As I see it, my position is just:
- I don't like to discuss about "bundle terms", because they mean so
many things at the same time, and they might mix pure evil with rather
useful features.
- Remote attestation is a feature which can only be used for nasty
purposes _and_ it affects everyone (by network effects) rather than
just those who use it.
- There's a tendency to believe adding checks and chains of trust increases
security without asking oneself enough questions (e.g. do I trust the
root of that chain?).
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 20:31 ` Robert Millan
@ 2007-10-23 20:50 ` Robert Millan
2007-10-23 21:22 ` Andrei E. Warkentin
0 siblings, 1 reply; 11+ messages in thread
From: Robert Millan @ 2007-10-23 20:50 UTC (permalink / raw)
To: The development of GRUB 2
And to clarify a bit more, I don't have anything against local security
checks that are controlled by the owner. I merely think they're useless
(unless you're running LinuxBIOS, which would break the chain of trust
anyway), but if they make you feel safe, no big deal.
OTOH, when it is someone else who gets to establish the policy, this sounds
more and more like a 1984-esque scenario.
It would have been nice to split the two features so that local checks don't
get the bad credit for remote takeovers (only the bad credit for being useless
;-)), but the TCG proponents chose not to do so.
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 20:17 ` Robert Millan
2007-10-23 20:31 ` Robert Millan
@ 2007-10-23 21:21 ` Andrei E. Warkentin
2007-10-25 9:17 ` Robert Millan
1 sibling, 1 reply; 11+ messages in thread
From: Andrei E. Warkentin @ 2007-10-23 21:21 UTC (permalink / raw)
To: The development of GRUB 2
> [1] Well, assuming our hypervirus is not dumb, they would just see
> that
> your computer lacks a Treacherous Chip or is not using it,
> which is
> not very useful. But of course, this has an easy solution:
> - Premise: everyone who's not on TC is therefore running an
> hypervirus
> - Consequence: let the witch hunt begin! :-)
>
...but you expect one. And refuse to boot up without one in a state
you expect.
>> I think the SELinux people might object to that. One of the biggest
>> problems with security in Linux is that the Linux kernel is not and
>> cannot be the core root of trust, as it is by far not the first thing
>> running and is not located on unmodifiable medium.
>
> How can you trust your BIOS if you can't even read its source code,
> let
> alone verify it was built from it?
>
I agree. Which is also, ultimately, why I think legacy BIOS is dead.
>> Man, those write-once read-many system-measurement registers are just
>> one step closer to losing the right to read, right?
>
> It's obvious that with computers being general-purpose machines, they cannot
> take away basic rights. TC is specifically designed [1] to take away these
> rights and turn them into concessions.
>
> [1] Yes, really. If you disagree, please explain why the Owner
> Override
> proposal (http://www.linuxjournal.com/article/7055) was rejected.
>
TC is a technology. Like all technology, it has both benign and
malignant and antisocial usage cases. I use a kitchen knife to dice
veggies for food, while a psycho might use it to stab a room of
people. Does this make kitchen knives somehow less desirable within
society? I don't think so. Same goes for TC.
Implementing third party access is very different from being able to
perform system measurements in the first place. Given a desire to
specifically combat antisocial usage scenarios of TC, there is
nothing stopping someone from NOT HAVING the 3rd party inspection
interfaces in the first place. Or to turn them off. This doesn't
affect secure boot or the use of a TPM to ensure system integrity.
>> Or maybe to
>> actually be in control of your system from power-on to shell prompt?
>
> Being in control is not the same as trusting someone else who
> claims to be.
>
> --
> Robert Millan
>
> <GPLv2> I know my rights; I want my phone call!
> <DRM> What use is a phone call, if you are unable to speak?
> (as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 20:50 ` Robert Millan
@ 2007-10-23 21:22 ` Andrei E. Warkentin
0 siblings, 0 replies; 11+ messages in thread
From: Andrei E. Warkentin @ 2007-10-23 21:22 UTC (permalink / raw)
To: The development of GRUB 2
Fair enough. Your original response seemed a tad knee-jerk ;-)
Andrei Evgenievich Warkentin
andrey.warkentin@gmail.com
Cell: (+1) (847) 321-15-55
On 23.10.2007, at 15:50, Robert Millan wrote:
>
> And to clarify a bit more, I don't have anything against local security
> checks that are controlled by the owner. I merely think they're useless
> (unless you're running LinuxBIOS, which would break the chain of trust
> anyway), but if they make you feel safe, no big deal.
>
> OTOH, when it is someone else who gets to establish the policy, this sounds
> more and more like a 1984-esque scenario.
>
> It would have been nice to split the two features so that local checks don't
> get the bad credit for remote takeovers (only the bad credit for being useless
> ;-)), but the TCG proponents chose not to do so.
>
> --
> Robert Millan
>
> <GPLv2> I know my rights; I want my phone call!
> <DRM> What use is a phone call, if you are unable to speak?
> (as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: help installing grub-ima
2007-10-23 21:21 ` Andrei E. Warkentin
@ 2007-10-25 9:17 ` Robert Millan
0 siblings, 0 replies; 11+ messages in thread
From: Robert Millan @ 2007-10-25 9:17 UTC (permalink / raw)
To: The development of GRUB 2
On Tue, Oct 23, 2007 at 04:21:59PM -0500, Andrei E. Warkentin wrote:
> >>I think the SELinux people might object to that. One of the biggest
> >>problems with security in Linux is that the Linux kernel is not and
> >>cannot be the core root of trust, as it is by far not the first thing
> >>running and is not located on unmodifiable medium.
> >
> >How can you trust your BIOS if you can't even read its source code,
> >let
> >alone verify it was built from it?
> >
>
> I agree. Which is also, ultimately, why I think legacy BIOS is dead.
It has nothing to do with legacy; you're in the same situation with EFI. And
even with LinuxBIOS. A third party signs binaries and tells you they're
safe; that's all you have.
> TC is a technology. Like all technology, it has both benign and
> malignant and antisocial usage cases.
I can make arguments like these too: "A cluster bomb is a technology. Like
all technology, it has both benign and malignant and antisocial usage
cases."
Although every time I heard of someone using cluster bombs it involved mass
murder of civilians. Why? Well, to quote Bernard Baruch:
"If all you have is a hammer, everything looks like a nail."
TC *could* have been designed to serve only benign (but useless) purposes
rather than malicious ones. This would be the case if they included the
so-called owner override mechanism, but this mechanism was rejected.
Without this mechanism, remote attestation works automatically due to
network effects. Which is fine when you actually want someone else to spy
on you, but is not that nice when you don't.
> I use a kitchen knife to dice
> veggies for food, while a psycho might use it to stab a room of
> people. Does this make kitchen knives somehow less desirable within
> society? I don't think so. Same goes for TC.
So far no one has found a practical way to design knives in a way they can
only be used to cut beef or pork but not to cut someone else's throat. If
this was possible, I'm sure it'd have been done. Your argument does not
apply to TC, where the way to do that has already been found and proposed
(and rejected).
Besides, given that the benign uses are mostly useless, one can only
speculate on why they are being advertised at all. Surely this marketing
approach has to serve a purpose.
> Implementing third party access is very different from being able to
> perform system measurements in the first place. Given a desire to
> specifically combat antisocial usage scenarios of TC, there is
> nothing stopping someone from NOT HAVING the 3rd party inspection
> interfaces in the first place. Or to turn them off. This doesn't
> affect secure boot or the use of a TPM to ensure system integrity.
Ok, I want to turn them off. So when someone wants to perform 3rd party
inspection on me, my TC chip will allow me to lie to them and make them
believe I'm running Microsoft Internet Explorer. How can I do that?
The chip won't let me. And it turns out it has physical self-destruction
mechanisms in case I attempt to tamper with it. Anything else I can try?
--
Robert Millan
<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)
^ permalink raw reply [flat|nested] 11+ messages in thread