| |||||||||||||
The Integrity Measurement ArchitectureThe Integrity Measurement ArchitecturePosted May 28, 2005 17:57 UTC (Sat) by stephen_pollei (guest, #23348)In reply to: The Integrity Measurement Architecture by wdupre1 Parent article: The Integrity Measurement Architecture
Pavel Machek <pavel@ucw.cz> made the same kind of objection on lkml saying "What is it good for, then? So I have to put my backdoor into script,
not into an executable...".
(Log in to post comments)
The Integrity Measurement Architecture Posted Jun 2, 2005 20:48 UTC (Thu) by zakaelri (guest, #17928) [Link] Do you mean "How do you prevent the exploit of registering A while runnning B?"? If so, read on...
First off. TPM makes a few fundamental assumption about it's use: If [everything loaded before A] is valid, and A appears valid, then A is valid. If A is valid, than A can be truested.
Basically, they check to make sure that every program that runs has not been modified from the version used to build the original hash. This includes the BIOS, the bootloader, the kernel, init, etc.
So, given that assumption:
If you add the TPM code to (say) bash, and bash is valid, then you know that any script run by bash will be verified by the TPM. Why? Because if the TPM code was changed, bash wouldn't be valid. (When the kernel loads bash, it would fail the check). As long as the script passed, you know it's safe to run.
So, unless there was a security hole programmed into bash, you wouldn't need to worry about it running 1 script while verifying another.
|
|||||||||||||