[Trustedgrub-users] Meassuring Kernel integrity with TG

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi List,

I am new to the project and have a somewhat theoretical question...

If I understand this correctly, than TrustedGRUB will create a SHA-1 
checksum of my bzImage and write this into one of the PCRs - right ?

So, second stage: I want to seal a Filesystem-Encryption Key with the 
TPM - so I can mount the FS only when the kernel was verified - right ?

Problem: I have to apply a new kernel due to security issues - so the 
SHA-1 and with it the PCR will change and I cannot access the encrpytion 
keys any longer.

Approach: Using not SHA-1 but Public Key crypto to verify the kernel.
Anybody alread went this direction ??? Any other ideas on the problem

TIA

Oliver
-- 
Diese Nachricht wurde digital unterschrieben
oliwel's public key: http://www.oliwel.de/oliwel.crt
Basiszertifikat: http://www.ldv.ei.tum.de/page72