LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Does not seem to work.

Does not seem to work.

Posted Dec 11, 2008 6:40 UTC (Thu) by jgg (guest, #55211)
In reply to: Does not seem to work. by iabervon
Parent article: System integrity in Linux

It is not quite that simple.. The TPM systems I've seen implemented all come with the fundamental assumption that the BIOS is trusted, and from there they build a chain of trust down toward the OS. The basic idea is that the BIOS hashes itself, tells the TPM and then permanently locks that portion of the TPM, then it hashes the OS, tells the TPM and locks that portion. Then the OS runs and more stuff is hashed and locked. Once locked you cannot go back.

If you replace the BIOS then you can start the TPM up without locking out any localities and feed it bogus hashes till the cows come home and it will be quite happy to attest that the system is legitimate.

Presumably systems implementing a TPM like this also include a hardware lock to prevent the BIOS flash from being written after the BIOS boots, but there is nothing preventing you from replacing the flash chip entirely. Socketed SPI flash is still pretty common these days for BIOS's :)

So it can be a pretty effective guard against a network compromise but not physical.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds