From: Martin P. <Mar...@ia...> - 2009-06-23 08:17:45
dev...@ar... wrote:

>> PCRs content -> provides evidence of system state
>
> Is it correct that PCRs content checking can be used to detect if a system is corrupted (e.g. hijacked, bot ...)?

If the chain of trust is not broken, the stored measurement log (SML) plus a signed quote of the current PCRs is evidence of what software chain was run. However, that alone does not give you any information on whether one of the packages in the chain contains e.g. a buffer overflow, which is/was used to silently take complete control of the system.

If you know that a certain software is vulnerable, you can examine the chain from the start onwards and, if the specific version is in there, you must assume all later measurements are not the truth. (Because malicious software can only manipulate measurements done after taking control, due to the one-way nature of hashes.)

> Further, is it correct that this check can only be used if the systems already know each other?

If you want to check for certain software hashes in the SML, of course you would have to know the "good" (and probably "bad") values for comparison.

Martin
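An added example, not part of this thread, of the verification Martin's reply describes: replay a stored measurement log to the value the PCR quote should carry, then walk the chain against known-good and known-vulnerable reference hashes, treating every measurement after a vulnerable component as untrusted. It assumes a TPM 1.2-style SHA-1 extend over a PCR that starts at all zeros; the component names and digests are constructed for the demonstration.

```python
import hashlib

# TPM 1.2-style PCR extend: new_pcr = SHA-1(old_pcr || measurement_digest).
def extend(pcr, digest):
    return hashlib.sha1(pcr + digest).digest()

def replay_sml(sml, pcr_size=20):
    """Replay the SML (list of (name, digest) in boot order) from an all-zero PCR."""
    pcr = b"\x00" * pcr_size
    for _name, digest in sml:
        pcr = extend(pcr, digest)
    return pcr

def assess_chain(sml, quoted_pcr, known_good, known_vulnerable):
    """Return (verdict, index_of_first_vulnerable_entry_or_None, per-entry statuses).
    Step 1: the SML must replay to the quoted PCR, otherwise the log is not evidence.
    Step 2: walk the chain from the start; once a known-vulnerable component appears,
    every later entry is marked untrusted. Code that took control at that point could
    have lied about everything measured afterwards, but cannot rewrite what was
    extended before it (one-way hash)."""
    if replay_sml(sml) != quoted_pcr:
        return "sml_mismatch", None, []
    statuses, untrusted_from = [], None
    for idx, (name, digest) in enumerate(sml):
        if untrusted_from is not None:
            status = "untrusted"          # measured after a possible takeover
        elif digest in known_vulnerable:
            status, untrusted_from = "vulnerable", idx
        elif digest in known_good:
            status = "good"
        else:
            status = "unknown"            # no reference value for this hash
        statuses.append((name, status))
    verdict = "clean" if untrusted_from is None else "compromise_possible"
    return verdict, untrusted_from, statuses

# Constructed sample data: digests are SHA-1 of the label, not real package hashes.
def sample_digest(label):
    return hashlib.sha1(label.encode()).digest()

SAMPLE_SML = [("bootloader-1.0", sample_digest("bootloader-1.0")),
              ("kernel-2.6.30", sample_digest("kernel-2.6.30")),
              ("libfoo-0.9", sample_digest("libfoo-0.9")),   # assumed vulnerable version
              ("sshd-5.2", sample_digest("sshd-5.2"))]
KNOWN_GOOD = {sample_digest(n) for n in ("bootloader-1.0", "kernel-2.6.30", "sshd-5.2")}
KNOWN_VULNERABLE = {sample_digest("libfoo-0.9")}

if __name__ == "__main__":
    print(assess_chain(SAMPLE_SML, replay_sml(SAMPLE_SML), KNOWN_GOOD, KNOWN_VULNERABLE))
```

Note that sshd-5.2 has a known-good hash yet is still reported as untrusted, because it was measured after the vulnerable libfoo-0.9 entry.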