From: phcoder <phcoder@gmail.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: A _good_ and valid use for TPM
Date: Thu, 19 Feb 2009 16:05:10 +0100 [thread overview]
Message-ID: <499D7526.70907@gmail.com> (raw)
In-Reply-To: <f9ca530f0902190221u6bd5eb8bm4ace59f7c531249c@mail.gmail.com>
First of all your system is still totally vulnerable to emanation and
power analysis or hw tampering. By reflashing bios one can bypass all
tpm protections (don't say it's difficult because it's closed source and
so on. Look at all closed source obfuscations/pseudo-protections that
get cracked every day)
Personally if tpm support is merged into mainline grub2 I'll stop using
it. However what you request doesn't need tpm. Authenticity of modules,
configuration files and so on can be verified by one of 4 methods:
1) internal signatures
2) file in signed gpg container
3) detached signatures
4) signed hash file
First three goals can be achieved by adding a layer similar to gzio
behaviour of checking can be controlled by environment variables and
flags passed to
grub_signed_file_open (filename, flags);
First advantage is that you can override it manually supplying grub password
When signature module isn't loaded then this function is available as a
dummy (all files are unsigned/wrong signature).
Public key can be embedded in signature module. When loaded signature
module sets strict signing policy which can be then overriden by
variable (to set such a variable you need either password or a command
in signed grub.cfg)
Then these modules can be embedded in core.img. In this case if core.img
is untampered everything is verified. Ensuring integrity of core.img is
platform-dependent. Some platforms (openfirmware, efi, ...) load
core.img directly and if they have an ability to check the boot image
it's straightforward. I haven't thought yet how to do it in limited
space of mbr. In coreboot scenario it's even the best bet. You can put
grub2 in rom and if you use rom instead of flashrom it's a wonderful
solution. But even if you use flash rom your security is similar to
scenario you propose since as I said at the begining modyfiing flash
bios you can bypass tpm scenario
Advantage of this approach is the ability to safely update over network
Forth goal can be achieved with usage of first part and function similar
to sha1sum or whirlpoolsum (my prefered hash)
Another idea: for some partitions (e.g. system partitions) signatures or
mac can be much better. btrfs supports checksumming of data and
metadata. Add mac support is easy. Signatures are more delicate I'm
looking for compact and fast signatures.
I personally would be interested in implementing security features in
grub2 as long as tpm stays away
Regards
Vladimir 'phcoder' Serbinenko
Alex Besogonov wrote:
> On Wed, Feb 18, 2009 at 11:05 PM, Jan Alsenz <janalsenz@student.ethz.ch> wrote:
>> I've recently started porting TrustedGRUB (
>> http://sourceforge.net/projects/trustedgrub ) to GRUB2.
>> I didn't get too far as I don't have too much time right now, but I managed to
>> complete the MBR bootloader.
> Great! MBR is the most scary part :)
>
>> I agree with you on the usefulness of a TPM for disk encryption and have a
>> similar scheme planned.
>> Regardless of the outcome of the discussion on the mailing list I would be
>> interested in a "trusted" GRUB2 version. Maybe we could join forces?
> Absolutely. I just hate doing work that won't appear in the mainline version :(
>
>> BTW, the "manufacturer key" everyone is talking about is usually referred to as
>> "endorsement key", which is generated during production (and whose private part
>> is considered possibly in the possession of the manufacturer). I heard, that
>> some newer TPM versions support reinitializing this key, but I'm not sure of
>> that.
> Uhm... TPM_CreateEndorsementKeyPair can be used to create the
> endorsement key pair, and the spec also says that TPM chip _must_ ship
> with empty endorsement key. It also can later be changed.
>
>> And you do loose the ability to do remote attestation with "official"
>> entities, if you do it.
> Well, I don't care about that. And in any case, no-one uses TPM for
> 'official' purposes.
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel
next prev parent reply other threads:[~2009-02-19 15:05 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-18 9:10 A _good_ and valid use for TPM Alex Besogonov
2009-02-18 12:16 ` phcoder
[not found] ` <499C7809.6030203@student.ethz.ch>
2009-02-19 10:21 ` Alex Besogonov
2009-02-19 15:05 ` phcoder [this message]
2009-02-19 15:38 ` Colin D Bennett
2009-02-19 16:29 ` phcoder
2009-02-21 13:38 ` Robert Millan
2009-02-21 13:43 ` phcoder
2009-02-21 14:00 ` Jan Alsenz
2009-02-19 15:44 ` Michal Suchanek
2009-02-19 16:02 ` phcoder
2009-02-21 13:22 ` Robert Millan
-- strict thread matches above, loose matches on Subject: below --
2009-02-18 14:10 Alex Besogonov
2009-02-18 14:52 ` Isaac Dupree
2009-02-18 15:10 ` Alex Besogonov
2009-02-18 22:03 ` Isaac Dupree
2009-02-19 9:46 ` Alex Besogonov
2009-02-19 17:43 Alex Besogonov
2009-02-19 19:30 ` phcoder
2009-02-19 21:00 ` Alex Besogonov
2009-02-20 0:29 ` Jan Alsenz
2009-02-20 1:03 ` Alex Besogonov
2009-02-20 7:47 ` Jan Alsenz
2009-02-22 1:14 ` Alex Besogonov
2009-02-27 19:59 ` Robert Millan
2009-02-21 13:46 ` Robert Millan
2009-02-21 14:20 ` Jan Alsenz
2009-02-21 14:34 ` Robert Millan
2009-02-21 15:00 ` Jan Alsenz
2009-02-21 20:08 ` Robert Millan
2009-02-22 1:21 ` Alex Besogonov
2009-02-22 9:44 ` phcoder
2009-02-22 14:49 ` Michal Suchanek
2009-02-22 15:33 ` phcoder
2009-02-23 2:34 ` step21
2009-02-23 13:35 ` Michal Suchanek
2009-02-27 20:07 ` Robert Millan
2009-02-27 20:03 ` Robert Millan
2009-02-21 16:29 ` Alex Besogonov
2009-02-21 17:03 ` phcoder
2009-02-21 20:23 ` Robert Millan
2009-02-21 20:21 ` Robert Millan
2009-02-22 1:26 ` Alex Besogonov
2009-02-27 20:13 ` Robert Millan
2009-02-20 7:45 ` Michael Gorven
2009-02-20 11:27 ` phcoder
2009-02-20 12:12 ` Michael Gorven
2009-02-20 17:31 ` Jan Alsenz
2009-02-20 18:35 ` Vesa Jääskeläinen
2009-02-20 19:35 ` Jan Alsenz
2009-02-21 13:59 ` Robert Millan
2009-02-21 13:51 ` Robert Millan
2009-02-21 15:29 ` Michael Gorven
2009-02-21 20:31 ` Robert Millan
2009-02-21 20:43 ` Michael Gorven
2009-02-21 21:04 ` Robert Millan
2009-02-21 21:17 ` Jan Alsenz
2009-02-21 21:27 ` phcoder
2009-02-21 21:32 ` Robert Millan
2009-02-21 21:57 ` Jan Alsenz
2009-02-21 23:19 ` Robert Millan
2009-02-21 21:04 ` Jan Alsenz
2009-02-21 21:27 ` Robert Millan
2009-02-22 2:10 ` Isaac Dupree
2009-02-27 20:28 ` Robert Millan
2009-02-21 16:48 ` Alex Besogonov
2009-02-21 20:39 ` Robert Millan
2009-02-22 1:02 ` Alex Besogonov
2009-02-27 20:33 ` Robert Millan
2009-02-21 16:58 ` Alex Besogonov
2009-02-21 17:08 ` phcoder
2009-02-21 20:43 ` Robert Millan
2009-02-21 13:31 ` Robert Millan
2009-02-21 2:27 Alex Besogonov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=499D7526.70907@gmail.com \
--to=phcoder@gmail.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.