
New TrustedGRUB out now

Version 1.0 (release candidate 4) of TrustedGRUB has been released and can be downloaded. Additionally, a SourceForge project page including a mailing list has been set up at http://sourceforge.net/projects/trustedgrub.
New features include an improved measurement speed due to a software SHA-1 implementation, support of more TPMs, and an update to GRUB release 0.9.7.

TrustedGRUB is an extension of the original GNU GRUB bootloader. It has been modified to detect and support the new Trusted Computing functionalities provided by a Trusted Platform Module (TPM) as specified by the Trusted Computing Group (TCG).

The main feature of TrustedGRUB is the ability to measure arbitrary files during the boot process and extend the integrity test results into so-called "Platform Configuration Registers" (PCRs) inside the TPM's memory.

Prior releases used the SHA-1 measurement offered in hardware by the TPM. This turned out to be the bottleneck of the boot process, since all data loaded through GRUB had to be sent to the TPM.
In our new version, we implemented the SHA-1 measurement in software, which allows major speed increases. To prevent race conditions, all files are measured during the loading process and therefore cannot be changed during or after the measurement. After a file has been loaded successfully, the resulting SHA-1 hash value is extended into one PCR.

Furthermore, TrustedGRUB is able to verify arbitrary files that do not have to be loaded for the operating system at boot time but are important for the security of the platform (e.g., /etc/passwd, additional kernel modules, gpg-keys, ...). This feature is realised by a "checkfile" option: TrustedGRUB loads and verifies the given files by comparing the SHA-1 results with precalculated values stored in the checkfile. All verified files are additionally extended into a PCR.

TrustedGRUB comes with several new user-space utilities, which allow the end user to "verify" the correctness of the boot process.

Through the measurements of TrustedGRUB (and the extensions of the PCRs), it is now possible to "seal" data to a platform configuration. For example, you can decrypt your data only if the correct operating system is loaded and measured into a certain PCR.
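
The measure, check and extend flow described above, as an added Python sketch that is not TrustedGRUB's own code. It assumes the TPM 1.2 extend rule (new PCR = SHA-1 of the old PCR followed by the measurement), a hypothetical checkfile line format of `<hex digest> <path>`, constructed sample files, and that a mismatching file is still extended; all function names are illustrative.

```python
import hashlib

PCR_SIZE = 20  # a SHA-1 PCR in a TPM 1.2 holds 20 bytes and starts as all zeros

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || measurement digest)."""
    return hashlib.sha1(pcr + digest).digest()

def load_and_measure(data: bytes, chunk: int = 4096):
    """Hash the bytes while copying them into the load buffer, so the
    buffer used afterwards is exactly what was measured (no re-read)."""
    h, loaded = hashlib.sha1(), bytearray()
    for off in range(0, len(data), chunk):
        block = data[off:off + chunk]
        h.update(block)
        loaded += block
    return bytes(loaded), h.digest()

def parse_checkfile(text: str) -> dict:
    """Assumed line format: '<40 hex chars> <path>' (not the project's spec)."""
    expected = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, path = line.split(None, 1)
            expected[path.strip()] = bytes.fromhex(digest)
    return expected

def measure_and_verify(files: dict, checkfile: str):
    """Measure each listed file, compare with the checkfile, extend one PCR.
    Returns (final PCR value, paths whose hash did not match)."""
    pcr, mismatches = bytes(PCR_SIZE), []
    for path, want in parse_checkfile(checkfile).items():
        _, got = load_and_measure(files[path])
        if got != want:
            mismatches.append(path)
        pcr = extend(pcr, got)  # assumption: the observed digest is extended either way
    return pcr, mismatches

# Constructed sample data (file contents are made up for the example)
GOOD = {"/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n", "/boot/mod.ko": b"\x7fELF-module"}
CHECKFILE = "\n".join(f"{hashlib.sha1(d).hexdigest()} {p}" for p, d in GOOD.items())
TAMPERED = dict(GOOD, **{"/etc/passwd": GOOD["/etc/passwd"] + b"# modified\n"})

if __name__ == "__main__":
    for name, files in (("good", GOOD), ("tampered", TAMPERED)):
        pcr, bad = measure_and_verify(files, CHECKFILE)
        print(name, pcr.hex(), bad)
```

A changed file produces a different final PCR value, so data sealed to the value from the unmodified boot would not unseal.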

More features included into this release are:
- Updated to latest GRUB Release 0.9.7
- Including password dialog support for pre-boot authentication
- Including patches for running L4 microkernels (e.g., fiasco)
- New Software-SHA1-implementation
- Improved checkfile option with software measurements
- TPM Support with TPM detection
- TPM hashing improvements
- New "sha1"-commandline utility
- New "verify_pcr" utility to verify the correctness of GRUB
- New "create_sha1" utility

Posted by C. Stueble 2006-06-27
