trustedgrub-users

[Trustedgrub-users] No values in PCR

[Saurabh A. <tan...@gm...>]

Hi

I have installed the TrustedGrub latest build.
My system specs:
- HP dc7600 with 1.2 Broadcom/Infineon chip
- gentoo 2.6.20 with IMA
- gcc 3.4.6
when grub loads up at boot, it detects the TPM, but in the grub
command menu, 'checkfile' gives the following error :

--------
grub> checkfile <file>

tGRUB error : Could not open checkfile ( error code 0)
Booting has to be stopped
Press any key ...
---------

and then it hangs and i have to cntrl+alt+del the machine..

and after booting, when i cat the pcrs .. i get all 0s except pcr 10

am i missing sumthing ??


saurabh

Re: [Trustedgrub-users] No values in PCR

[Marcel S. <tg...@se...>]

Dear Saurabh,

thanks for testing TrustedGRUB.
The PCRs are zero, because the BIOS of your HP notebook does not provide the complete
CRTM-functionality, i.e., the BIOS does not offer the needed functionality to hash
data and to extend them in to PCRs. In this case, the only security functionality you
can use is the checkfile-option, which measures files via a software-sha1 and
compares them to the reference-values...

Regarding your checkfile-problem:

You have to create a file and add the files, which shall be checked and their
regarding sha1-hash values (calculatable via sha1sum), e.g.:

acme selhorst # cat /boot/checkfile
2865c43108a249cc0ce3b5ff6f0b2a4bb19d0bc8 (hd0,1)/etc/passwd
c151c1e02e01582e0235090c970cd3fddd1bccfe (hd0,1)/etc/shadow

In your /boot/grub/menu.lst you simply then add the line:

acme selhorst # cat /boot/grub/menu.lst
default 0
timeout 15

title=Some title
checkfile (hd0,0)/boot/checkfile
root (hd0,0)
kernel...

Then TrustedGRUB will open the checkfile and will measure any file and compare the
result with the reference value (and extend in a PCR, but this will not work for you,
 due to your BIOS-problem).

Best regards,
Marcel Selhorst

Saurabh Arora schrieb:
> Hi
> 
> I have installed the TrustedGrub latest build.
> My system specs:
> - HP dc7600 with 1.2 Broadcom/Infineon chip
> - gentoo 2.6.20 with IMA
> - gcc 3.4.6
> when grub loads up at boot, it detects the TPM, but in the grub
> command menu, 'checkfile' gives the following error :
> 
> --------
> grub> checkfile <file>
> 
> tGRUB error : Could not open checkfile ( error code 0)
> Booting has to be stopped
> Press any key ...
> ---------
> 
> and then it hangs and i have to cntrl+alt+del the machine..
> 
> and after booting, when i cat the pcrs .. i get all 0s except pcr 10
> 
> am i missing sumthing ??
> 
> 
> saurabh
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Trustedgrub-users mailing list
> Tru...@li...
> https://lists.sourceforge.net/lists/listinfo/trustedgrub-users
>