On Thu, 2011-06-23 at 18:15 +0200, Miloslav Trmač wrote:
On Thu, Jun 23, 2011 at 4:21 PM, JB <jb.1234abcd(a)gmail.com>
wrote:
> I have done some inventory on this topic, and have some questions.
I'm not really an expert on this... Hopefully someone will correct my mistakes.
> Why do you need Trusted Boot mechanism to ensure that identified and origin-
> verified Linux kernel is booted ?
> Why signing a kernel (a la GPG) is not good enough to verify its origin at
> boot time ?
The TPM allows verifying that this kernel (and only this kernel) is
actually running. An attacker with access to the hard drive ("evil
maid") can modify the code to disable any signature check that would
be done in software (e.t. inside grub); TPM cannot be bypassed this
way.
How is this possible? The kernel was somehow installed. TPM was informed
about it (I don't know, sha hash was written into a flash
which is physically in the processor?).
Why attacker with physical access to the computer
can't install his tampered kernel and save its hash?
--
vda