Re: A _good_ and valid use for TPM

[phcoder <phcoder@gmail.com>]

As I understand from his letters and from a quick look at tgrub all he 
needs is to ensure the chain of verification. It seems that tgrub never 
reads tpm key. Even if we one finds tpm acceptable way to check OS 
integrity I don't see why we would rely on it if more universal approach 
is possible
I outlined how it can be checked that if core.img is untampered then OS 
isn't tampered with. I also think I might have a way to extend this 
chain back to mbr by using following ideas:
1) padding in sha1 isn't necessarry in this case since we always load 
fixed amount of sectors.
2) BPB blocks can be reclaimed. If grub boot is in partition then mbr 
may haven't checked it
3) only one read is necessary in first sector. All real reading function 
can be moved to loaded sector. So only sha1 implementation is really 
needed to be done in mbr.
4) I find it very important that the verification can be overriden by 
manually giving password. This probably won't be possible so I propose 
to make 2 mbrs: one with all features current mbr has (the default one) 
and another basic one (e.g. no chs) but with sha1 in it. Default to use 
is the first one but a user may explicitely override it

> 1. The disk must be encrypted.
> 2. The system must be able to boot without human interaction.  That is,
>    a user cannot be prompted for a passphrase or key.
The both goals together are theoretically unachievable technics like 
replacing ram (or gpu memory) with non-volatile storage is always 
available or the method of additional energy. All tpm does is to store 
it in obfuscated way and providing access to it in clear way if some 
conditions are met.
Ideally this condition is B="my system is untampered"
BIOS has the duty to verify the condition A="mbr is untampered"

So actually what he needs is that grub ensures (A=>B)
Intermediary condition is "core.img" is untampered. I already outlined 
how to ensure C=>B without any sacrifices. Ensuring A=>C may require 
some sacrifices that's why I propose to have two versions of mbr sector.
I find that the feature A=>B / C=>B is useful also in many ways not 
limited to tpm scenarios. Look at the following case:
One has installed grub locally on small disk or in flash memory (e.g. 
coreboot) in otherwise lightweight terminal. Now he wants to boot the OS 
from remote server over unsecure network.

In the same time he can always choose to boot unsigned OS by providing 
his password
Regards
Vladimir 'phcoder' Serbinenko