From: Oliver W. <ma...@ol...> - 2006-08-02 10:21:48
Hi List,

I am new to the project and have a somewhat theoretical question...

If I understand this correctly, then TrustedGRUB will create a SHA-1 checksum of my bzImage and write this into one of the PCRs - right?

So, second stage: I want to seal a filesystem encryption key with the TPM - so I can mount the FS only when the kernel was verified - right?

Problem: I have to apply a new kernel due to security issues - so the SHA-1, and with it the PCR, will change and I cannot access the encryption keys any longer.

Approach: Using not SHA-1 but public key crypto to verify the kernel.

Has anybody already gone in this direction? Any other ideas on the problem?

TIA
Oliver

--
This message was digitally signed
oliwel's public key: http://www.oliwel.de/oliwel.crt
Root certificate: http://www.ldv.ei.tum.de/page72
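
The trade-off raised in the post, as an added example that is not part of the original message and is not TrustedGRUB code: a Python model of TPM 1.2 PCR extension comparing a secret sealed to the kernel hash with one sealed to a measured signing key. The toy RSA key, `boot_key_policy`, and the dict-based `seal`/`unseal` are assumptions made for illustration.

```python
import hashlib

# Constructed toy textbook-RSA key (insecure, no padding); stands in for a kernel signing key.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
PCR_RESET = bytes(20)  # a TPM 1.2 PCR is 20 zero bytes after reset

def sha1(data):
    return hashlib.sha1(data).digest()

def extend(pcr, measurement):
    # TPM 1.2 extend: PCR_new = SHA-1(PCR_old || measurement)
    return sha1(pcr + measurement)

def sign(kernel):
    return pow(int.from_bytes(sha1(kernel), "big"), D, N)

def verify(kernel, sig):
    return pow(sig, E, N) == int.from_bytes(sha1(kernel), "big")

def boot_hash_policy(kernel):
    # Scheme from the post: the kernel image's hash goes into the PCR.
    return extend(PCR_RESET, sha1(kernel))

def boot_key_policy(kernel, sig):
    # Hypothetical alternative: check the signature, then measure the
    # verification key. A failed check measures a marker instead.
    pubkey = N.to_bytes(27, "big") + E.to_bytes(3, "big")
    measured = sha1(pubkey) if verify(kernel, sig) else sha1(b"verify-failed")
    return extend(PCR_RESET, measured)

def seal(secret, pcr):
    # Model only: a real TPM encrypts the blob and checks the PCR itself.
    return {"pcr": pcr, "secret": secret}

def unseal(blob, pcr):
    return blob["secret"] if blob["pcr"] == pcr else None

def demo():
    old, new, fs_key = b"bzImage-old", b"bzImage-patched", b"fs-key"  # constructed
    by_hash = seal(fs_key, boot_hash_policy(old))
    by_key = seal(fs_key, boot_key_policy(old, sign(old)))
    return (unseal(by_hash, boot_hash_policy(new)),               # None: PCR changed
            unseal(by_key, boot_key_policy(new, sign(new))),      # fs_key: same signer
            unseal(by_key, boot_key_policy(b"tampered", sign(new))))  # None

if __name__ == "__main__":
    print(demo())
```

Under the key-based policy any image signed by that key unseals the secret, including an older vulnerable kernel, so such a design also needs rollback protection.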