Menu
▾
▴
Re: [Trustedgrub-users] PCR 1,2,3,6,7 identical
|
From: Marcel S. <m.s...@si...> - 2010-07-07 11:07:25
|
Hi Chloé,
> Is it normal that I have the same value for PCR 1,2,3,6 and 7 ? Is it not
actually, no. I have a Lenovo laptop and all PCR values are different.
> suppose to be the Option Rom code in PCR 2 and the Option ROM configuration
> in PCR 3 for example ?
correct.
> Does it depend on the policy of the BIOS ?
The BIOS implementation is responsible for hashing and extending all the
option ROMs etc., so you might have to inform the BIOS vendor, that they
are not compliant to the specification. Can you read out the TPM
measurement log? Maybe, they added some info into that:
# mount -n -t securityfs -o nodev,noexec,nosuid \
securityfs /sys/kernel/security
# cat /sys/kernel/security/tpm0/ascii_bios_measurements
> My PCR values with trusted grub are :
Looks good, PCRs 4,5,8,9,12,13,14 are different ;)
Now you can verify the values via "verify_pcr".
Cheers,
Marcel
--
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst eMail: m.s...@si...
Tel: +49 (234) 610071-126 Fax: +49 (234) 610071-526
Tel: +49 (681) 95986-126 Fax: +49 (681) 95986-526
Get my public key from keyserver, KeyId: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
Vorstand: Ammar Alkassar (Vors.), Christian Stueble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.
|
