From: Kent Y. <shp...@gm...> - 2006-10-04 02:59:04

> Secure booting is half the deal, actually (and I guess it's little
> wonder that trusted-grub doesn't work on this machine, in fact, it
> can't even locate the TPM chip).
>
> Half of the other half of the deal is storing a symmetric key securely
> and only releasing it to the proper application; the key must persist
> across reboots.
>
> Another half is being able to sign messages originating from that
> machine. We can use GPG/PGP/whatever for that if the first three
> quarters of the deal work, of course.

Code does exist to create keys and encrypt things with them, but it's all in testcase form, so enabling an app to use the TPM is still a coding exercise at this point. You can find all our testcases in CVS, under the testsuite directory. The testcases that end in 01 should all be an attempt to successfully do something, where the other numbers test for specific errors. Try testsuite/tcg/data/Tspi_Hash_Sign01.c for an example of signing a hash of some data.

To store a symmetric key, you'll want either to use Tspi_Data_Bind, or Tspi_Data_Seal (without PCRs) depending on the type of key you create.

Kent

> Truly random number generation would be nice, but not that critical.
>
> I haven't decided what the last 1/16th of the deal is ;-)
>
> BTW, has anyone already written code that does all this, or should I
> keep RingTFM and the spec?
>
> Thanks again,
>
> /ji, direct-male-line descendant of Zeno :)

--
Kent Yoder
IBM LTC Security Dev.