On Friday 20 February 2009 02:29:50 Jan Alsenz wrote:
So in the end (after boot) you have a bunch of PCR values, that represent
all the code and data, that was used to boot the system. If you have this
and are sure, that the current configuration is correct, you have a
reference value of the expected system state, which you can use for the
following:
- seal a key:
You can create a key with the TPM and "bind" it to specific values of
the
PCRs, so it only en/decrypts with it, if these values match.
You can encrypt any kind of data with this, but the only useful thing
for
boot is to encrypt a cryptographic key needed to further start the system.
Last year I implemented support for encrypted partitions in GRUB2 [1], which
means that it can load kernels and ramdisks off encrypted partitions. TPM
support in GRUB2 would allow the key to be stored in the TPM and only
provided to GRUB once the system has checked that GRUB hasn't been tampered
with.
TPM can be used for good or for bad, but this is the case for everything
involving cryptography. We don't refuse to use encryption algorithms because
they could be used for DRM, so why should we refuse to use TPM? TPM has the
potential to make Linux even more secure.
Regards
Michael
[1] My work is yet to be merged into GRUB2.
------------------------------------------------------------------------
_______________________________________________
Grub-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/grub-devel