From: hassan k. <has...@gm...> - 2013-11-13 16:05:13
Hi All,

Thanks, now I understood what trusted grub is doing. Anyhow, is there any website/server where a list of good known hashes is already maintained so that I can verify the lower PCR values, i.e. (BIOS => PCR_0, BIOS Configurations => PCR_1, etc.)? As I understood, there will be lots of variation in the PCR_0 value as different motherboards have different BIOS code embedded in them.

best,
HK

On Fri, Nov 8, 2013 at 8:52 PM, Marcel Selhorst <tru...@se...> wrote:
> Hi Hassan,
>
> > I installed trusted grub and then checked PCR Values. PCRs from 0-7 have
> > values but PCRs from 8 to 16 were empty (the sample output is below). My
> > understanding is trusted grub only measures what is before OS and not the
> > OS itself. Can we make trusted grub to measure the OS as well as the
> > applications that will be launched over OS?
>
> as the other repliers already mentioned, it is the task of the OS to
> continue the chain-of-trust to the applications, once it got control
> from the bootloader. Once the OS is running, TrustedGRUB doesn't have
> any control anymore on what is loaded / executed. IMA is indeed a very
> good approach to look into, if you want to continue your measurements.
>
> However, your TrustedGRUB installation seems not to be correct, since
> all PCRs 8-16 are empty. Please re-check that you installed stage1 and
> stage2 correctly and that no other stage1_5 or similar files are in
> /boot resp. /boot/grub.
>
> Thanks
> Marcel
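The check described in the quoted reply (PCRs 8-16 still empty after boot), as an added example that is not part of the original thread or of TrustedGRUB. It assumes a TPM 1.2 dump in the `PCR-NN: XX XX ...` layout that the Linux TPM 1.2 driver exposes in its sysfs `pcrs` file; the sample dump and the measured data are constructed.

```python
import hashlib
import re

ZERO = bytes(20)  # value of a TPM 1.2 PCR in the 0-16 range before any extend
LINE = re.compile(r"^PCR-(\d{2}):((?: [0-9A-Fa-f]{2}){20})$")  # assumed layout


def parse_pcrs(text):
    """Map PCR index -> 20-byte value from 'PCR-NN: XX XX ...' lines."""
    pcrs = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pcrs[int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return pcrs


def unextended(pcrs, indexes=range(8, 17)):
    """Indexes in the range that are missing or were never extended."""
    return [i for i in indexes if pcrs.get(i, ZERO) == ZERO]


def extend(old, measured):
    """TPM 1.2 extend: new PCR value = SHA1(old value || SHA1(measured data))."""
    return hashlib.sha1(old + hashlib.sha1(measured).digest()).digest()


def fmt(index, value):
    """Render one PCR in the same layout that parse_pcrs() reads."""
    return "PCR-%02d: %s" % (index, " ".join("%02X" % b for b in value))


# Constructed dump: PCRs 0-7 hold made-up values, PCRs 8-16 were never extended.
SAMPLE = "\n".join(
    fmt(i, hashlib.sha1(b"constructed-%d" % i).digest() if i < 8 else ZERO)
    for i in range(17)
)

if __name__ == "__main__":
    pcrs = parse_pcrs(SAMPLE)
    print("never extended:", unextended(pcrs))
    # A single measurement is enough to move a PCR away from its reset value.
    pcrs[8] = extend(pcrs[8], b"constructed bootloader stage image")
    print(fmt(8, pcrs[8]))
    print("never extended:", unextended(pcrs))
```

Because a PCR can only be changed by extending it, an all-zero value in this range means nothing was measured into it since reset.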