The Integrity Measurement Architecture
Posted Jun 2, 2005 20:48 UTC (Thu) by zakaelri
In reply to: The Integrity Measurement Architecture
Parent article: The Integrity Measurement Architecture
Do you mean "How do you prevent the exploit of registering A while runnning B?"? If so, read on...
First off. TPM makes a few fundamental assumption about it's use: If [everything loaded before A] is valid, and A appears valid, then A is valid. If A is valid, than A can be truested.
Basically, they check to make sure that every program that runs has not been modified from the version used to build the original hash. This includes the BIOS, the bootloader, the kernel, init, etc.
So, given that assumption:
If you add the TPM code to (say) bash, and bash is valid, then you know that any script run by bash will be verified by the TPM. Why? Because if the TPM code was changed, bash wouldn't be valid. (When the kernel loads bash, it would fail the check). As long as the script passed, you know it's safe to run.
So, unless there was a security hole programmed into bash, you wouldn't need to worry about it running 1 script while verifying another.
to post comments)