Menu
▾
▴
Re: [Trustedgrub-users] Is OS measured by Trusted Grub?
|
From: Marcel S. <tru...@se...> - 2013-11-08 20:10:08
|
Hi Hassan, > I installed trusted grub and then checked PCR Values. PCRs from 0-7 have > values but PCR's from 8 to 16 were empty (the sample out is below). My > understanding is trusted grub only measures what is before OS and not the > OS itself. Can we make trusted grub to measure the OS as well as the > applications that will be launched over OS? as the other repliers already mentioned, it is the task of the OS to continue the chain-of-trust to the applications, once it got control from the bootloader. Once the OS is running, TrustedGRUB doesn't have any control anymore on what is loaded / executed. IMA is indeed a very good approach to look into, if you want to continue your measurements. However, your TrustedGRUB installation seems not to be correct, since all PCRs 8-16 are empty. Please re-check that you installed stage1 and stage2 correctly and that no other stage1_5 or similar files are in /boot resp. /boot/grub. Thanks Marcel |
