Menu
▾
▴
Re: [Trustedgrub-users] No values in PCR
|
From: Marcel S. <tg...@se...> - 2007-03-19 08:22:52
|
Dear Saurabh, thanks for testing TrustedGRUB. The PCRs are zero, because the BIOS of your HP notebook does not provide the complete CRTM-functionality, i.e., the BIOS does not offer the needed functionality to hash data and to extend them in to PCRs. In this case, the only security functionality you can use is the checkfile-option, which measures files via a software-sha1 and compares them to the reference-values... Regarding your checkfile-problem: You have to create a file and add the files, which shall be checked and their regarding sha1-hash values (calculatable via sha1sum), e.g.: acme selhorst # cat /boot/checkfile 2865c43108a249cc0ce3b5ff6f0b2a4bb19d0bc8 (hd0,1)/etc/passwd c151c1e02e01582e0235090c970cd3fddd1bccfe (hd0,1)/etc/shadow In your /boot/grub/menu.lst you simply then add the line: acme selhorst # cat /boot/grub/menu.lst default 0 timeout 15 title=Some title checkfile (hd0,0)/boot/checkfile root (hd0,0) kernel... Then TrustedGRUB will open the checkfile and will measure any file and compare the result with the reference value (and extend in a PCR, but this will not work for you, due to your BIOS-problem). Best regards, Marcel Selhorst Saurabh Arora schrieb: > Hi > > I have installed the TrustedGrub latest build. > My system specs: > - HP dc7600 with 1.2 Broadcom/Infineon chip > - gentoo 2.6.20 with IMA > - gcc 3.4.6 > when grub loads up at boot, it detects the TPM, but in the grub > command menu, 'checkfile' gives the following error : > > -------- > grub> checkfile <file> > > tGRUB error : Could not open checkfile ( error code 0) > Booting has to be stopped > Press any key ... > --------- > > and then it hangs and i have to cntrl+alt+del the machine.. > > and after booting, when i cat the pcrs .. i get all 0s except pcr 10 > > am i missing sumthing ?? > > > saurabh > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Trustedgrub-users mailing list > Tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustedgrub-users > |
