From: Cihula, J. <jos...@in...> - 2008-04-25 19:40:18
On Friday, April 25, 2008 7:47 AM, Jun Koi wrote:
> On 4/17/08, Seiji Munetoh <sei...@gm...> wrote:
>> Hi Folks,
>>
>> Is there any way to validate the PCR[17] and PCR[18] values?
>>
>> In case of Static-RTM, we can validate the PCR values by using
>> the BIOS eventlog stored at ACPI table.
>> But for Dynamic-RTM we don't have such eventlog.
>
> Do you know if there is any good reason why tboot doesn't log events
> into eventlog?

Did you mean why tboot doesn't copy the extend information into the BIOS event log or why TXT itself doesn't put them there?

For the former, it is a combination of lack of time, issues with the eventlog, and motivation. Regarding the eventlog, the current TCG specification does not provide for BIOS to indicate where the log data ends. There is a soon-to-be-released update for the spec that will specify that the end space be filled with ff's, but that will require updated BIOSes. Regarding motivation, it wasn't clear how useful or important it would be. The values for PCR 17 and 18 are available in the SinitMleData struct in the TXT heap. So MLEs can access it and expose it to whatever SW needs it.

For TXT not doing it, the reasons are very similar. In addition, we didn't want to tie the launch process to BIOS and its configuration.

Joe
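
The Static-RTM check from the quoted question, combined with the ff-fill end-of-log rule described in the reply, as an added example that is not part of the original message or of tboot. It assumes the TCG 1.2 PC Client entry layout (little-endian pcrIndex, eventType, 20-byte SHA-1 digest, eventSize, event data); the function names and the sample log are constructed for illustration.

```python
import hashlib
import struct

# Assumed TCG 1.2 PC Client entry header: pcrIndex, eventType, SHA-1 digest, eventSize
HEADER = struct.Struct("<II20sI")

def parse_event_log(buf):
    """Yield (pcr, event_type, digest, data) until the ff-filled tail."""
    off = 0
    while off + HEADER.size <= len(buf):
        raw = buf[off:off + HEADER.size]
        if raw == b"\xff" * HEADER.size:
            return  # end-of-log fill; without it the parser cannot tell where data ends
        pcr, etype, digest, size = HEADER.unpack(raw)
        end = off + HEADER.size + size
        if end > len(buf):
            raise ValueError(f"event at offset {off} overruns the log area")
        yield pcr, etype, digest, buf[off + HEADER.size:end]
        off = end

def replay_pcr(buf, pcr_index, initial=bytes(20)):
    """Recompute a PCR: new = SHA1(old || digest) for each logged extend."""
    value = initial
    for pcr, _etype, digest, _data in parse_event_log(buf):
        if pcr == pcr_index:
            value = hashlib.sha1(value + digest).digest()
    return value

def build_sample_log(area_size=256):
    """Constructed log: two extends of PCR 0, one of PCR 4, then ff fill."""
    log = b""
    # Event types and payloads are constructed sample values.
    for pcr, etype, data in [(0, 0x8, b"crtm-version"), (4, 0xD, b"ipl"),
                             (0, 0x1, b"post-code")]:
        log += HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data
    return log.ljust(area_size, b"\xff")

if __name__ == "__main__":
    log = build_sample_log()
    for pcr in (0, 4):
        # Compare each recomputed value with the one read from the TPM.
        print(f"PCR[{pcr}] = {replay_pcr(log, pcr).hex()}")
```

Replaying this log for PCR 17 or 18 returns the untouched initial value, since the Dynamic-RTM extends are not recorded there.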