From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1LaQ8C-0000nV-BW
	for mharc-grub-devel@gnu.org; Fri, 20 Feb 2009 02:49:08 -0500
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LaQ8A-0000mF-PR
	for grub-devel@gnu.org; Fri, 20 Feb 2009 02:49:06 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LaQ88-0000l2-P0
	for Grub-devel@gnu.org; Fri, 20 Feb 2009 02:49:06 -0500
Received: from [199.232.76.173] (port=54026 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LaQ88-0000kj-JD
	for Grub-devel@gnu.org; Fri, 20 Feb 2009 02:49:04 -0500
Received: from xsmtp1.ethz.ch ([82.130.70.13]:39682)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <janalsenz@student.ethz.ch>) id 1LaQ87-0002mr-GU
	for Grub-devel@gnu.org; Fri, 20 Feb 2009 02:49:04 -0500
Received: from xfe1.d.ethz.ch ([82.130.124.41]) by xsmtp1.ethz.ch with
	Microsoft SMTPSVC(6.0.3790.3959); Fri, 20 Feb 2009 08:49:02 +0100
Received: from [192.168.2.75] ([81.221.97.38]) by xfe1.d.ethz.ch over TLS
	secured channel with Microsoft SMTPSVC(6.0.3790.3959); 
	Fri, 20 Feb 2009 08:49:01 +0100
Message-ID: <499E6007.9050902@student.ethz.ch>
Date: Fri, 20 Feb 2009 08:47:19 +0100
From: Jan Alsenz <janalsenz@student.ethz.ch>
User-Agent: Thunderbird 2.0.0.19 (X11/20090104)
MIME-Version: 1.0
To: grub-devel <Grub-devel@gnu.org>
References: <f9ca530f0902190943w37b6b6d1pb28d78748607a772@mail.gmail.com>	
	<499DB343.9020301@gmail.com>	
	<f9ca530f0902191300m8b742cahd691f038ffd7ff89@mail.gmail.com>	
	<499DF97E.1080800@student.ethz.ch>
	<f9ca530f0902191703r48015c32h7d54cfac9b32cae3@mail.gmail.com>
In-Reply-To: <f9ca530f0902191703r48015c32h7d54cfac9b32cae3@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig72A23DE0A467A1F8F00E80AE"
X-OriginalArrivalTime: 20 Feb 2009 07:49:01.0824 (UTC)
	FILETIME=[B2245000:01C9932F]
X-detected-operating-system: by monty-python.gnu.org: Windows 2000 SP4, XP SP1+
Cc: Alex Besogonov <alex.besogonov@gmail.com>
Subject: Re: A _good_ and valid use for TPM
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2 <grub-devel@gnu.org>
List-Id: The development of GRUB 2 <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Feb 2009 07:49:06 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig72A23DE0A467A1F8F00E80AE
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Alex Besogonov wrote:
[skip]
>>> As far as I understand - no.
>> Actually - it is.
>> Check the "TCG PC Client Specific Implementation Specification for Con=
ventional
>> Bios" or "TCG PC Specific Implementation Specification" at
>> https://www.trustedcomputinggroup.org/specs/PCClient/
>> and look for CRTM (Core Root of Trust for Measurement)
> Yes, BIOS is a root of trust, but not the Core Root. BIOS itself is
> checked before execution (pages 20 and onwards in the "TCG PC Client
> Specific Implementation Specification for Conventional Bios" spec),
> even before dynamic memory is initialized.
Well on page 32 they list two options, how to implement the CRTM:
BIOS Boot Block or entire BIOS
Since the BIOS is usually updateable, it seems that most manufacturers op=
t for
BIOS Boot Block, which I assume will be something like: "lets put the fir=
st
sector of the BIOS in ROM"
(of course it might be something else completely, but I doubt it)

>>> First, I don't think it's possible to implement SHA-1 hashing in MBR =
-
>>> there's probably just not enough space left in 512-byte code segment
>>> for that.
>> I am very sure of that.
> Well, I spoke phcoder on Jabber - there might be a way to do this.
> He's going to investigate it.
Sounds interesting.

>>> Second, the only safe action non TPM-aware MBR can perform if it
>>> detects tampering is just shutting down hard. Everything else is
>>> dangerous.
>> Yeah, but an attacker could patch that out too.
> Not if we first measure the MBR. It can be done without any
> TPM-specific code in the MBR if I'm not very mistaken.
Could you elaborate on that?
E.g. where do you measure the MBR from?

> PS: thanks for detailed explanation!
Sure, glad I could help!

Greets,

Jan



--------------enig72A23DE0A467A1F8F00E80AE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkmeYBkACgkQfZylhtn4Xvc7MgCgxfLwrA9zfQZweG1AKPXZqNG7
JsAAoJxW7V66Xzg9hozVZCvpM7P5bQLF
=bFaV
-----END PGP SIGNATURE-----

--------------enig72A23DE0A467A1F8F00E80AE--