Below (prefixed w/ ‘[JC]’)


From: Anthony Dessiatnikoff []
Sent: Wednesday, June 17, 2009 4:56 AM
To: Cihula, Joseph
Subject: Re: tboot



Thanks for your fast answer.

I finally installed the trousers package with devel (so trousers and tpm-tools are working) but for tboot, the problem is still here.

I am trying to understand how TXT is working.

So, I have some questions about TXT and TPM:

- How are the values of PCRs calculated in the first place to be compared to? Are they provided directly by manufacturers or is it necessary to run an init code (assuming there is no malicious software installed...)?

[JC]  When SENTER is executed, it will send the measurement of the SINIT ACM to the TPM and that will cause the TPM to reset the DRTM PCRs (17-23) to 0 and then extend PCR 17 with the hash of SINIT.  SINIT will then execute and extend more values into PCR 17, as described in sec. 1.9.1 of the TXT MLE Developers Guide.

PCR 18 is extended with the SHA-1 hash of the MLE.


- Is there an SML (Stored Measurement Log) file used as described by the TCG?

[JC]  The “log” of what is measured into PCR 17, as described in sec. 1.9.1, is contained (mainly) in the SinitMleData struct.

- Is Xen necessary to use TXT or is it just for tboot?

[JC]  tboot is a “generic” launcher in the sense that it does not really know or care about what it launches.  That said, it only currently knows how to launch a Linux kernel or an ELF binary (which Xen is).  But it could easily be enhanced to understand other file formats.  tboot contains most of the TXT logic.

- I am able to seal data with tpm-tools (tpm_sealdata) but how can I unseal data? I saw in the TSS the tpm_UnsealFile function but to begin with I would like to use a command line if possible.

[JC]  tpm-tools doesn’t provide a command line utility to unseal data, unfortunately.  However the function tpmUnsealFile() in libtpm_unseal does almost exactly this and would only require a trivial wrapper to make into an executable (caveat: I haven’t tried this myself).  You can get more info on its man page, tpmUnsealFile(3).

I hope my questions are clear enough, tell me if they are not.

Many thanks.

Best regards,

2009/6/15 Cihula, Joseph <>

I’m glad to hear that you’re working with tboot and Intel TXT.


For building TrouSerS, you need to make sure that you have all the dependent packages installed, per the README file.  You may also be able to find a trousers package (you would need a -devel package).


TXT only uses PCRs 17 & 18.  The SRTM PCRs (0-15) are used by regular software during a normal boot.  The other DRTM PCRs (19-23) are available for software (e.g. tboot) to use.




From: Anthony Dessiatnikoff []
Sent: Monday, June 15, 2009 7:54 AM
To: Cihula, Joseph
Subject: tboot



I am a student and I am studying the Trusted Execution Technology from Intel and the use with TPM.

I would like some information about tboot because I cannot succeed in compiling it ...

When I build with the 'make' command, there are a lot of errors (some variables are not declared, ...) in the Trousers directory, I think I missed something.

Are there some actions to perform before compiling (like replacing some folders)? (I followed the README instructions so I configured it)

For information, I am on Ubuntu 8.10 with Xen 3.4 installed. I downloaded tboot from sourceforge.

Another question: in the MLE developer's guide, only the PCRs 17 and 18 are described but not the others, so what are they for?

Thanks for your time.

Best regards,

Anthony Dessiatnikoff
Student from the University of Limoges (France) in Systems Security and Cryptology

Anthony Dessiatnikoff
Master 2 Systems Security and Cryptology
University of Limoges (France)
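
The PCR arithmetic behind the [JC] answers on PCRs 17 and 18, as an added example that is not part of the original e-mails or of tboot: a TPM 1.2 extend is SHA-1(old PCR || digest), so an expected value is obtained by replaying the measured digests from the reset value. The input bytes and the two extra PCR 17 entries are constructed stand-ins, and hashing a whole image with plain SHA-1 is a simplifying assumption.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr, digest):
    """TPM 1.2 extend operation: new PCR = SHA-1(old PCR || digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()


def replay(log):
    """Recompute a DRTM PCR from its log: reset to 0, then extend each entry in order."""
    pcr = bytes(PCR_SIZE)
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr


def expected_pcr18(mle_image):
    """PCR 18 as described in the reply: reset to 0, extended with SHA-1(MLE)."""
    return replay([hashlib.sha1(mle_image).digest()])


# Constructed sample inputs (not real binaries).
SINIT_ACM = b"constructed SINIT ACM bytes"
MLE_IMAGE = b"constructed MLE image bytes"
# Stand-ins for the further values SINIT extends into PCR 17; their real
# content is defined in the MLE Developers Guide and is not modelled here.
SINIT_EXTRA = [hashlib.sha1(b"constructed entry %d" % i).digest() for i in range(2)]


def demo():
    pcr17_log = [hashlib.sha1(SINIT_ACM).digest()] + SINIT_EXTRA
    good17 = replay(pcr17_log)
    good18 = expected_pcr18(MLE_IMAGE)
    return {
        "pcr17": good17.hex(),
        "pcr18": good18.hex(),
        # One changed byte in the MLE gives a different PCR 18.
        "mle_modified_detected": expected_pcr18(MLE_IMAGE + b"\x90") != good18,
        # Extend is order-sensitive: the same entries reordered do not match.
        "log_reordered_detected": replay(pcr17_log[::-1]) != good17,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
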