From: chloé F. <fou...@gm...> - 2010-07-07 12:45:32
My BIOS is a Dell version A02, does somebody have the same problem as me?

I can see my measurement log but is there a function that verifies automatically that the integrity measure of the log is the same value as the PCR 10? (a function that will extend a PCR with all the measures in the measurement log)

Cheers,
Chloe

Yes

2010/7/7 Marcel Selhorst <m.s...@si...>

> Hi Chloé,
>
> > Is it normal that I have the same value for PCR 1,2,3,6 and 7? Is it not
>
> actually, no. I have a Lenovo laptop and all PCR values are different.
>
> > supposed to be the Option ROM code in PCR 2 and the Option ROM configuration
> > in PCR 3 for example?
>
> correct.
>
> > Does it depend on the policy of the BIOS?
>
> The BIOS implementation is responsible for hashing and extending all the
> option ROMs etc., so you might have to inform the BIOS vendor, that they
> are not compliant to the specification. Can you read out the TPM
> measurement log? Maybe, they added some info into that:
>
> # mount -n -t securityfs -o nodev,noexec,nosuid \
>     securityfs /sys/kernel/security
>
> # cat /sys/kernel/security/tpm0/ascii_bios_measurements
>
> > My PCR values with trusted grub are :
>
> Looks good, PCRs 4,5,8,9,12,13,14 are different ;)
> Now you can verify the values via "verify_pcr".
>
> Cheers,
> Marcel
>
> --
> Sirrix AG security technologies -- http://www.sirrix.com
> Dipl.-Ing. Marcel Selhorst eMail: m.s...@si...
> Tel: +49 (234) 610071-126 Fax: +49 (234) 610071-526
> Tel: +49 (681) 95986-126 Fax: +49 (681) 95986-526
> Get my public key from keyserver, KeyId: 0x7C9821CC
> Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC
>
> Vorstand: Ammar Alkassar (Vors.), Christian Stueble
> Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
> Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbruecken
>
> This message may contain confidential and/or privileged information.
> If you are not the addressee, you must not use, copy, disclose or
> take any action based on this message or any information herein.
> If you have received this message in error, please advise the sender
> immediately by reply e-mail and delete this message.
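
The log replay asked about in this message, sketched as an added example; it is not code from the thread or from the TrustedGRUB project. It assumes a TPM 1.2 with SHA-1 PCRs that start at 20 zero bytes and log lines whose first two fields are the PCR index and a 40-hex-digit digest, as in `ascii_bios_measurements` and IMA's `ascii_runtime_measurements`; the names `replay_log`, `log_matches_pcr` and `SAMPLE_LOG` are hypothetical.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length used by TPM 1.2 PCRs
ZERO = b"\x00" * PCR_SIZE


def replay_log(lines, ima_violations=False):
    """Re-extend every log entry and return {pcr_index: hex PCR value}."""
    pcrs = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line
        index, digest = int(fields[0]), bytes.fromhex(fields[1])
        if len(digest) != PCR_SIZE:
            raise ValueError(f"not a SHA-1 digest: {fields[1]!r}")
        # IMA logs a violation as an all-zero digest but extends 0xFF bytes.
        if ima_violations and digest == ZERO:
            digest = b"\xff" * PCR_SIZE
        # TPM extend: PCR_new = SHA1(PCR_old || digest); PCRs start at zero.
        pcrs[index] = hashlib.sha1(pcrs.get(index, ZERO) + digest).digest()
    return {i: v.hex() for i, v in pcrs.items()}


def log_matches_pcr(lines, index, pcr_value, ima_violations=False):
    """Compare the replayed value with a PCR value read from the TPM."""
    reported = "".join(pcr_value.split()).lower()  # accepts "AB CD ..." too
    return replay_log(lines, ima_violations).get(index) == reported


def _h(data):
    return hashlib.sha1(data).hexdigest()


# Constructed sample log (digests are made up for the demonstration).
SAMPLE_LOG = [
    f"10 {_h(b'entry-1')} ima {_h(b'file-1')} boot_aggregate",
    f"10 {_h(b'entry-2')} ima {_h(b'file-2')} /sbin/init",
    f" 4 {_h(b'entry-3')} 0d [constructed BIOS-style event]",
]

if __name__ == "__main__":
    for index, value in sorted(replay_log(SAMPLE_LOG).items()):
        print(f"PCR-{index:02d}: {value}")
```

A runtime log such as IMA's keeps growing, so a mismatch can simply mean that an entry was appended between reading the log and reading the PCR; read both again before treating it as an integrity failure.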