openp****@bohme*****
Thu Oct 1 21:51:16 JST 2009
Hi,

I am working through setting up a Linux system using the TPM chip to ensure integrity of the installed software. I have used the instructions to build a grub 0.97 with the grub-ima-1.1.0 patch, and it is booting and running. This is really difficult stuff, and I am very impressed at the work done so far.

My question: What is measured at each stage of the boot? The documentation says 'measures MBR', but what it really does is measure an 8-byte header plus the first 446 bytes of the MBR, not just the 512 bytes of the actual MBR.

The goal is to be able to figure out what each PCR value should be, so I can use those values to seal data while installing software, or while upgrading an existing system with new software. To do that, I need to be able to hash the same set of values that the boot sequence is going to measure, so I generate the same set of resulting PCR values. I can do this during the software installation or upgrade, so I can measure files on the disk just like GRUB will on the next reboot.

Here's what I see being measured into PCR-4:

1. BIOS measures the hash of the first 446 bytes of the MBR
2. GRUB stage1 measures 496 bytes of sector 1 of the HDD (stage1.5)
3. GRUB measures the rest of stage1.5
4. GRUB measures all of stage2

I know exactly what values are used for steps 1, 2 and 4. The question is, what exact offsets and byte counts are being measured for step 3? I'm guessing that it is being done in stage2/start.S but have no easy way to see what values it is using.

Can anyone offer any information, or a pointer to where this is documented?

Much thanks!
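To replay the PCR-4 chain described in the post against a disk image, here is an added Python example (not from the post, grub-ima or GRUB). It assumes TPM 1.2 style SHA-1 PCRs, takes the measured (offset, length) regions as parameters because step 3's byte range is exactly the open question, uses a constructed disk image with an assumed placeholder region for step 3, and parses the TPM 1.2 sysfs `pcrs` listing format to compare the prediction with what the chip reports.

```python
import hashlib

SECTOR = 512
PCR_INIT = bytes(20)          # TPM 1.2 PCRs start as 20 zero bytes (SHA-1 size)

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(measurement))."""
    return sha1(pcr + sha1(measurement))

def predict_pcr4(disk: bytes, stage2: bytes, regions):
    """Replay the PCR-4 chain from the post: each (offset, length) is a
    region of the disk image measured in order, then stage2 as a whole."""
    pcr = PCR_INIT
    for offset, length in regions:
        pcr = extend(pcr, disk[offset:offset + length])
    return extend(pcr, stage2)

def parse_pcrs(text: str):
    """Parse the TPM 1.2 sysfs 'pcrs' listing (lines like
    'PCR-04: 1A 2B ...') into {index: bytes}."""
    out = {}
    for line in text.splitlines():
        if not line.startswith("PCR-"):
            continue
        idx, hexbytes = line.split(":", 1)
        out[int(idx[4:])] = bytes.fromhex(hexbytes.replace(" ", ""))
    return out

def check_pcr4(disk, stage2, regions, pcrs_text) -> bool:
    """True when the replayed chain equals PCR-4 as reported by the TPM."""
    return predict_pcr4(disk, stage2, regions) == parse_pcrs(pcrs_text)[4]

# Constructed sample disk image: sector 0 = MBR, sectors 1.. = stage1.5.
# These are NOT real GRUB bytes, just three sectors of filler.
DISK = bytes(range(256)) * 6
STAGE2 = b"constructed stage2 image" * 64

# Steps 1 and 2 as the post lists them; step 3's (offset, length) is an
# ASSUMED placeholder (one further sector) to replace once it is known.
REGIONS = [(0, 446), (SECTOR, 496), (2 * SECTOR, SECTOR)]

if __name__ == "__main__":
    print("predicted PCR-4:", predict_pcr4(DISK, STAGE2, REGIONS).hex())
```

On a real system, read the image regions with `dd` (or directly from the block device) and the reported value from the TPM 1.2 `pcrs` sysfs file; a mismatch means one of the assumed regions or lengths is wrong.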