Menu
▾
▴
Re: [tboot-devel] How to validate the PCR measured by TXT?
|
From: Jun K. <jun...@gm...> - 2008-05-23 06:49:24
|
On 5/16/08, Jun Koi <jun...@gm...> wrote: > Hi Joseph, > > > >>> In case of Static-RTM, we can validate the PCR values by using > >>> the BIOS eventlog stored at ACPI table. > >>> But for Dynamic-RTM we don't have such eventlog. > >> > >> Do you know if there is any good reason why tboot doesn't log events > >> into eventlog? > > > > Did you mean why tboot doesn't copy the extend information into the BIOS > > event log or why TXT itself doesn't put them there? > > > > For the former, it is a combination of lack of time, issues with the > > eventlog, and motivation. Regarding the eventlog, the current TCG > > specification does not provide for BIOS to indicate where the log data > > ends. There is a soon-to-be-released update for the spec that will > > specify that the end space be filled with ff's, but that will require > > updated BIOSes. Regarding motivation, it wasn't clear how useful or > > important it would be. > > > > The values for PCR 17 and 18 are available in the SinitMleData struct in > > the TXT heap. So MLEs can access it and expose it to whatever SW needs > > it. > > > > For TXT not doing it, the reasons are very similar. In addition, we > > didn't want to tie the launch process to BIOS and its configuration. > > > > > I think again about the above comment: we dont want to tie with BIOS, > thus we must not call BIOS functions to measure/extend configuration > data. Therefore, it is a good idea for the next code launched by tboot > (like Xen or a particular OS) should not use BIOS at all, right? > > If so, I suppose that all the Xen code now already removed all the > calls to BIOS??? > So basically the question is: should we execute other code outside our "trusted code"? In this example, BIOS code is not trusted. Or we should avoid that as much as we can? Thanks, Jun |
