Since you start loading the PCRs when you use GRUB you can be assured that the boot block where grub resides is ok and that the kernel that GRUB loads is ok.
But it all hangs on the weakest link during startup, if you manage to crack the bootup process to insert your own code then: Yes you can fool TCPA/TPM. But as long as you can load the kernel and there's no root exploit in it, you will have a verifiable environment.
The TCPA chip of course rely alot on the human administrating the computer. You need to lock it down alot to make this work.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds