From: Marcel S. <m.s...@si...> - 2011-03-11 14:29:06
Hi Sunny,

On 07.03.2011 17:40, Sansar Choinyambuu wrote:
> Hello When the Integrity measurement on Checkfile fails and if the
> Booting is still continued regardless of that (by pressing any other
> button than Esc when prompted) the PCR 13 is not extended and is filled
> with zeros.

TrustedGRUB extends each file if the verification was correct. As soon as it detects a modified file, it will stop with an integrity error and not extend the file into PCR-13. If, for instance, file 3 is corrupt, files 1 and 2 are extended into PCR-13, file 3 is not.

> I was expecting that the PCR 13 will be extended with the
> new SHA1 hash of the altered CheckFile on this event. So that the
> booting would not be disturbed and by looking at the PCR 13 value after
> the boot, I can discover if the CheckFile was altered.

This depends on your security requirements. Our intention was to stop booting when an integrity error occurs, extend only the valid files and then inform the user. Nevertheless, it is also possible to change this behaviour with only minor modifications in the source code.

> Which was not the
> case to my surprise. Also, I was wondering whether there is a
> configuration or an option not to show the warning for the Integrity
> Measurement Error while booting, so that the booting goes on no matter
> of the Integrity Measurements. I would very much appreciate if someone
> could give me insight on this.

Nope, there is not. However, the attached patch should extend each file, regardless of its verification state. Please note that I didn't test this code, but it should work ;-)

HTH,
Marcel

--
Sirrix AG security technologies -- http://www.sirrix.com
Dipl.-Ing. Marcel Selhorst eMail: m.s...@si...
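Added example, not part of the original message and not TrustedGRUB code: a Python model of the two PCR-13 policies discussed in this thread (stop at the first corrupt file versus extending every file regardless), built on the TPM 1.2 extend operation. The file names and contents are constructed, and measuring each file as the SHA-1 of its content is an assumption.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest; it starts as all zeros


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + digest).digest()


def measure(files, expected, extend_on_mismatch):
    """Model one checkfile pass over (name, content) pairs.

    Returns (final PCR value, name of the first mismatching file or None).
    """
    pcr, failed = bytes(PCR_SIZE), None
    for name, content in files:
        digest = hashlib.sha1(content).digest()
        if digest != expected[name]:
            failed = failed or name
            if not extend_on_mismatch:
                break  # as described in the reply: stop, corrupt file not extended
        pcr = extend(pcr, digest)
    return pcr, failed


def golden_prefixes(order, expected):
    """PCR value a verifier expects after each known-good file, in order."""
    pcr, out = bytes(PCR_SIZE), []
    for name in order:
        pcr = extend(pcr, expected[name])
        out.append(pcr)
    return out


# Constructed sample data: three files listed in a hypothetical checkfile.
GOOD = [("/boot/vmlinuz", b"kernel"), ("/boot/initrd", b"initrd"), ("/etc/fstab", b"fstab")]
EXPECTED = {n: hashlib.sha1(c).digest() for n, c in GOOD}
TAMPERED = GOOD[:2] + [("/etc/fstab", b"fstab-modified")]
PREFIXES = golden_prefixes([n for n, _ in GOOD], EXPECTED)

if __name__ == "__main__":
    for policy in (False, True):
        pcr, failed = measure(TAMPERED, EXPECTED, extend_on_mismatch=policy)
        state = "matches known-good" if pcr == PREFIXES[-1] else "differs from known-good"
        print(f"extend_on_mismatch={policy}: failed={failed} PCR-13={pcr.hex()} ({state})")
```

Under the stop policy the final value equals the known-good value after the first two files, so a verifier holding the prefix list can tell where the pass ended; under the extend-everything policy the value matches no known-good prefix, which is the after-boot signal the original question asked for.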