From: Seiji M. <sei...@gm...> - 2008-04-18 03:30:07
|
Hi Hal, Joe. Thank you for your advices. That is a big help. 2008/4/18, Hal Finney <hal...@gm...>: > Seiji, have you tried reading PCR 17 and PCR 18? What values do you get? Yes. here is, # cat /sys/class/misc/tpm0/device/pcrs <snip> PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-17: C0 E5 23 76 84 CD 97 4F DF 6E CD 4A 27 17 EA 63 B0 99 B2 82 PCR-18: 55 50 38 7D 03 F1 EE FA 45 49 65 5A 70 27 85 B4 14 4B C5 2E PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-22: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 and boot message is as follows <snip> TBOOT: sinit_mle_data (@7d4201a4, 260): TBOOT: version=5 TBOOT: bios_acm_id= 80 00 00 00 20 07 09 10 ff ff ff ff ff ff ff ff ff ff ff ff TBOOT: edx_senter_flags=0 TBOOT: mseg_valid=0 TBOOT: sinit_hash= b2 12 60 68 7f 26 f0 cd a9 c7 5e 81 ff 78 92 72 1d 50 ed 4d TBOOT: mle_hash= df 7b ac e3 5f a2 3d 23 d4 fe 1a 4a 25 8b 4e 4e b0 c2 64 a4 TBOOT: stm_hash= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 TBOOT: lcp_policy_hash= df 7b ac e3 5f a2 3d 23 d4 fe 1a 4a 25 8b 4e 4e b0 c2 64 a4 TBOOT: lcp_policy_control=0 <snip> 1st step, I'd like to validate the PCRs by using the TBOOT message. I verified the PCR18 by just extend the mle_hash value. good. But I have not been able to validate the PCR17... 2nd step, will create hash values in TBOOT massage from SINIT file. Then we will be able to predict the PCRs extended by the TXT.:-) Thanks, -- Seiji |