> i have a question. If i install the Trusted Grub with Debian Live on
> flash drive and boot from it with the following configuration of the
> menu.lst and a checkfile to check the "filesystem.squashfs". Is it
> possible to inject another "filesystem.squashfs" after the verification
> and before the file system is loaded through the kernel in RAM, for
> example through an manipulated flash drive with a switch.
the scenario you describe for the checkfile-case might be possible, since
TrustedGRUB does not keep the files im RAM, which have been loaded during
the checkfile-function. Therefore, you need to add additional measures
(e.g., organisatorical) to prevent an on-the-fly-exchange of files.
However, imho the USB-stick / flash drive is a very challenging example.
Easier would be a scenario, where you want to remotely verify a file on
e.g., a network server.
The verification of the kernel and the Initrd however is different. These
are both first loaded, checked and then kept in RAM. When control is passed
to the kernel, nothing (ie. kernel and initrd) needs to be reloaded from
the media, so one can be sure, that the measured components are the ones
stored in memory (unless an attacker has physical access to the memory
chips and can tamper them).
What you can do is to add an additional verification round inside the
initrd to re-check the validity of filesystem.squashfs (even by re-using
the reference values from within the checkfile, itself).
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst eMail: m.selhorst@...
Tel: +49 (234) 610071-126 Fax: +49 (234) 610071-526
Tel: +49 (681) 95986-126 Fax: +49 (681) 95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.