[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher

From: Andy Lutomirski
Subject: Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher
Date: Mon, 1 Jun 2020 17:49:03 -0700

> On Jun 1, 2020, at 5:14 PM, Daniel P. Smith <> 
> wrote:
> On 6/1/20 3:39 PM, Andy Lutomirski wrote:
>>>> .
> In other words, the log for the relaunch to attest what is currently
> running is really no less useful than using the first launch log to
> attest to the what was running in the first launch.

Maybe it would help if you give some examples of what’s actually in this log 
and why anyone, Linux or otherwise, cares for any purpose other than debugging. 
 We’re talking about a log written by something like GRUB, right?  If so, I’m 
imagining things like:

GRUB: loading such-and-such module
GRUB: loading the other module
GRUB: loading Linux at /boot/vmlinuz-whatever
GRUB: about to do the DRTM launch. Bye-bye.

This is surely useful for debugging.  But, if I understand your security model 
correctly, it’s untrustworthy in the sense that this all comes from before the 
DRTM launch and it could have been tampered with by SMM code or even just a 
malicious USB stick.  Or even a malicious compromised kernel on the same 
machine. So you could hash this log into a PCR, but I don’t see what you’ve 
accomplished by doing so.

Or have I misunderstood what this log is?  Perhaps you’re talking about 
something else entirely.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]