[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux DRTM on UEFI platforms

From: Matthew Garrett
Subject: Re: Linux DRTM on UEFI platforms
Date: Thu, 11 Aug 2022 19:25:02 +0100
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Aug 11, 2022 at 07:25:58PM +0930, Brendan Trotter wrote:
> Hi,
> On Thu, Aug 11, 2022 at 3:16 AM Matthew Garrett <> wrote:
> > The kernel has no way to know this - *any* code you've run before
> > performing a measurement could tamper with the kernel such that it
> > believes it's fine. This is just as true in DRTM as it is in SRTM. But
> > you know what the expected measurements should be, so you're able to
> > either seal secrets to those PCR values or rely on remote attestation.
> In this scenario the kernel has no idea what the measurement should
> be, it only knows the measurement that a potentially malicious boot
> loader felt like giving the kernel previously (e.g. when the kernel
> was installed).

Even if the kernel has an idea of what the measurement should be, it has 
no way to verify that what it believes to be true is true - any 
malicious code could simply have modified the kernel to believe that 
anything it asks the TPM returns the "correct" answer.

> > Measurements are not opaque objects. If you're not able to reconstruct
> > the expected measurement then you're doing it wrong.
> OK; so to detect if boot loader has always given kernel a bad/forged
> measurement; the kernel repeats all of the steps involved in creating
> the measurement itself exactly the same as the boot loader should have
> (but might not have) so that kernel can compare a "known
> good/trustworthy" measurement with the useless measurement that the
> boot loader created for no sane reason whatsoever?

No, some external agent does. Code running on the local machine can 
never determine whether the machine is trustworthy.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]