From: Hal F. <hal...@gm...> - 2008-05-25 22:33:40
Hello Jun -

On Thu, May 22, 2008 at 11:49 PM, Jun Koi <jun...@gm...> wrote:
> So basically the question is: should we execute other code outside our
> "trusted code"? In this example, BIOS code is not trusted. Or we
> should avoid that as much as we can?

That certainly makes sense to me. There are really two points here. The first is that we don't trust the BIOS because we don't know what is in it. The TXT launch does not measure the BIOS and so the TXT PCRs do not depend on BIOS contents. Any call we make to BIOS would run code that could not be verified.

The second point is that if we did originally do a measured boot, so that PCR's 0-7 contain information about BIOS and other aspects of the computer configuration, then if we made a call to BIOS, in principle we could trust that. The verifier could check that the BIOS configuration was as expected and if the BIOS was known to be trusted by that verifier, the call would be OK.

But there are still problems. One problem is the size of the Trusted Computer Base (TCB). Including the whole BIOS into the TCB makes it larger (although I don't know how the BIOS size will compare with Xen). Also, BIOSes often do not have much transparency so it may be hard to get hold of the source code and know what the BIOS is doing. Also, there are many different brands and varieties of BIOS so it would be hard to trust very many of them. Another point is that some BIOSes have not done measured boot properly and it may be possible to reflash the BIOS to lie about the measured boot.

Part of the goal of TXT technology is to reduce the size of the TCB and avoid dependence on measured boot. Avoiding calls into the BIOS would be a good idea for any TXT Measured Launch Environment (MLE) including Xen. However I don't know whether Xen has done as you suggest, and avoids BIOS calls when in trusted mode.

Hal Finney
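The verifier check on PCRs 0-7 described in the message above, as an added example that is not part of the original post and is not Xen or TXT code. It assumes TPM 1.2 style SHA-1 PCRs, a simplified event log of (PCR index, measured data) pairs, and quoted PCR values whose TPM signature has already been checked; all sample data is constructed.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def replay(event_log):
    """Replay (pcr_index, measured_data) events into PCRs 0-7 from reset."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(8)}
    for index, data in event_log:
        if index not in pcrs:
            raise ValueError(f"event for PCR {index} is outside PCRs 0-7")
        pcrs[index] = extend(pcrs[index], hashlib.sha1(data).digest())
    return pcrs


def verify(quoted_pcrs, event_log, trusted_digests):
    """Verifier decision: the log must reproduce the quoted PCRs, and every
    measured component must be one this verifier already trusts."""
    if replay(event_log) != quoted_pcrs:
        return False, "event log does not reproduce the quoted PCRs"
    for index, data in event_log:
        if hashlib.sha1(data).hexdigest() not in trusted_digests:
            return False, f"untrusted measurement extended into PCR {index}"
    return True, "all measurements trusted"


# Constructed sample data: stand-ins for firmware components, not real images.
GOOD_LOG = [(0, b"bios-core-v1"), (1, b"bios-config-v1"), (4, b"bootloader-v1")]
TAMPERED_LOG = [(0, b"bios-core-reflashed"), (1, b"bios-config-v1"), (4, b"bootloader-v1")]
TRUSTED = {hashlib.sha1(data).hexdigest() for _, data in GOOD_LOG}

if __name__ == "__main__":
    print(verify(replay(GOOD_LOG), GOOD_LOG, TRUSTED))
    print(verify(replay(TAMPERED_LOG), TAMPERED_LOG, TRUSTED))
    print(verify(replay(TAMPERED_LOG), GOOD_LOG, TRUSTED))
```

The decision is only as good as the measurements the firmware reports: a BIOS that extends false values, the case raised in the message, would still pass this check.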