
The Integrity Measurement Architecture

The Integrity Measurement Architecture

Posted May 26, 2005 15:07 UTC (Thu) by jamesm (guest, #2273)
Parent article: The Integrity Measurement Architecture

> Of course, if an attacker can gain control of the kernel at boot time, before the IMA module has been initialized, the entire battle has been lost.

Don't forget that the TPM-signed aggregate is considered unforgeable, so attestation will still fail.


The Integrity Measurement Architecture

Posted May 28, 2005 19:03 UTC (Sat) by Ross (guest, #4065) [Link]

Presumably you would just lie to the hardware that does the checksums. It
has no way to verify what you tell it is valid and will end up signing bad
data. Normally this wouldn't be possible because untrusted code isn't
allowed to run, and even if it did, it would corrupt the secret state
information. All bets are off when the untrusted code is in charge from the
start. But maybe I misunderstand.

The Integrity Measurement Architecture

Posted Jun 2, 2005 8:51 UTC (Thu) by emj (guest, #14307) [Link]

Since you start loading the PCRs when you use GRUB, you can be assured that the boot block where GRUB resides is ok and that the kernel that GRUB loads is ok.

But it all hangs on the weakest link during startup. If you manage to crack the bootup process to insert your own code, then yes, you can fool TCPA/TPM. But as long as you can load the kernel and there's no root exploit in it, you will have a verifiable environment.

The TCPA chip of course relies a lot on the human administrating the computer. You need to lock it down a lot to make this work.
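
The PCR extend chain discussed in this thread, as an added example that is not part of the original comments or of the IMA code: a verifier replays the measurement log and compares the result with the quoted PCR value. SHA-1 and the all-zero initial PCR follow TPM 1.2 conventions; the stage names, stage contents and function names are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, as in TPM 1.2-era PCRs

def measure(blob: bytes) -> bytes:
    return hashlib.sha1(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend: new PCR = SHA1(old PCR || digest); a PCR cannot be set directly
    return hashlib.sha1(pcr + digest).digest()

def boot(stages):
    """Measure each stage before it runs; return (final PCR, event log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in stages:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log) -> bytes:
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(quoted_pcr: bytes, log, known_good) -> str:
    """Verifier side. quoted_pcr is assumed to come from a TPM-signed quote
    whose signature has already been checked (not modelled here)."""
    if replay(log) != quoted_pcr:
        return "log does not match PCR"
    for name, digest in log:
        if known_good.get(name) != digest:
            return "unknown measurement: " + name
    return "ok"

# Constructed sample data: stage names and contents are placeholders.
GOOD = [("grub", b"grub image"), ("kernel", b"kernel image"), ("init", b"init binary")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD}

def scenarios():
    clean_pcr, clean_log = boot(GOOD)
    tampered = [GOOD[0], ("kernel", b"modified kernel"), GOOD[2]]
    bad_pcr, bad_log = boot(tampered)
    return {
        "clean boot": verify(clean_pcr, clean_log, KNOWN_GOOD),
        "modified kernel, honest log": verify(bad_pcr, bad_log, KNOWN_GOOD),
        # The log is rewritten to look clean, but the PCR still holds the real chain.
        "modified kernel, forged log": verify(bad_pcr, clean_log, KNOWN_GOOD),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

The check holds only if the first measuring stage is itself trustworthy: a first stage that extends digests of the expected files instead of what it actually runs produces a PCR this verifier accepts.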

The measurement taken

Posted Jun 2, 2005 8:53 UTC (Thu) by emj (guest, #14307) [Link]

These are the steps when booting:
