Re: [Trustedgrub-users] Fwd: how to simulate tampering of grub config so that PCR values display change

[boddah <amu...@gm...>]

Thank you Marcel.

Now I get what u were tryin to say. When I modified menu.lst, I just removed
the 'default = 0' line in the file; which wasn't what u told me.
Sorry for the misunderstanding. PCR-12 now changes when I fiddled with the
kernel-line.

I also succeed changing PCRs by replacing the 'stage1' and 'stage2' from
/boot/grub.
When I changed stage1, PCR-4 changes and when stage2 was replaced; PCR-8 and
PCR-4 change.
Is this the way it's supposed to behave?

Thanks so much.

Best,
zach

On Wed, Apr 28, 2010 at 9:11 PM, Marcel Selhorst <m.s...@si...>wrote:

> Hi,
>
> >> So in case you modify e.g., your kernel-line by adding or removing an
> >> option, PCR-12 will be different.*
> > I can't seem to point out what's not right. PCR-12 still doesnt show any
> > changes. Can u elaborate on ways to really simulate this?
>
> That's odd, how does the output of your PCR's look like? Can you paste
>
>   # cat /sys/class/misc/tpm0/device/pcrs
>
> In my case, my PCRs look as follows:
>
> PCR-00: 6D D1 0D BB 4E F9 C0 8D 3D DD CC 16 19 B0 39 37 73 47 69 99
> PCR-01: 58 4F C0 5A 1A 07 C3 15 56 A3 08 36 94 E4 09 F5 33 20 3E E1
> PCR-02: 53 DE 58 4D CE F0 3F 6A 7D AC 1A 24 0A 83 58 93 89 6F 21 8D
> PCR-03: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
> PCR-04: 26 C1 AE 4B 8E 3F 5A EC 62 BF E9 46 F9 7C 14 CD EB 78 1F 54
> PCR-05: 50 12 43 8E 34 D5 C3 86 24 4C 3D 73 18 5B CA B7 0F DC 02 5E
> PCR-06: 58 5E 57 9E 48 99 7F EE 8E FD 20 83 0C 6A 84 1E B3 53 C6 28
> PCR-07: 3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
> PCR-08: 4F 9C 38 86 51 79 78 92 F7 4D EC 10 5E AC 85 53 49 3F 4F FF
> PCR-09: B5 A4 EE 0A E4 75 DD 4B B2 C4 B8 92 D8 BC E5 38 A9 8B A8 37
> PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-12: 01 07 62 AE E6 E0 2D 96 B8 47 EC 2E 15 1C 07 A9 B0 7D A4 CB
> PCR-13: 44 43 C4 A7 5A 82 82 AA 5D DF 8C DB 29 FF B1 A8 21 38 F6 F1
> PCR-14: 44 43 C4 A7 5A 82 82 AA 5D DF 8C DB 29 FF B1 A8 21 38 F6 F1
> PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-21: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> My menu.lst looks like this:
>
> title=Gentoo Linux 64-Bit 2.6.33
>
> checkfile=(hd0,0)/checkfile-2.6.33
>
> kernel=(hd0,0)/vmlinuz-2.6.33 acpi_sleep=s3_bios
> thinkpad_acpi.experimental=1 thinkpad_acpi.fan_control=1 memtest=1
>
> initrd=(hd0,0)/keyrona-2.6.33.initrd
>
>
> Now, as soon as I switch the flag memtest=1 to memtest=0, PCR-12 changes as
> follows:
>
> PCR-12: A7 93 68 2D D1 FC 87 8B 21 26 57 A1 52 B6 63 45 D2 F3 80 89
>
> If you send me our menu.lst and your PCR-output, maybe we can figure
> something out.
>
> Thanks!
> Marcel
> --
> Sirrix AG security technologies -- http://www.sirrix.com
> Dipl.-Ing. Marcel Selhorst  eMail: m.s...@si...
> Tel: +49 (234) 610071-126   Fax: +49 (234) 610071-526
> Tel: +49 (681)  95986-126   Fax: +49 (681)  95986-526
> Get my public key from keyserver, KeyId: 0x7C9821CC
> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>
> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>
> This message may contain confidential and/or privileged information.
> If you are not the addressee, you must not use, copy, disclose or
> take any action based on this message or any information herein.
> If you have received this message in error, please advise the sender
> immediately by reply e-mail and delete this message.
>



-- 
Forever indebt to your priceless advice...