Following up, IAIK releases another Trusted Computing package,
the second public release of the acTvSM platform - download at [1].
acTvSM is a proof-of-concept integration of Trusted Computing and
Intel TXT into an off-the-shelf Debian Linux system. TBoot is used to
anchor the chain of trust in the DRTM, and the initial ramdisk obtains the
key for the encrypted system root partition only if the TPM PCRs are in
the correct state.
Also, acTvSM provides management scripts for the sysadmin to reseal
the system to a new administrator-defined state. Using KVM, custom
virtual applications can be run on top of the tightly controlled
base system.
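To make the sealing step concrete, here is an added example that is not part of this announcement or of the acTvSM code: a pure-software stand-in for a TPM 1.2 that replays the boot path described above. Components are measured into a PCR with TPM_Extend semantics (PCR_new = SHA-1(PCR_old || digest)), a root-partition key is sealed to the resulting PCR value, and the "initrd" can only unseal it when the replayed boot produces the same value. It then shows the resealing step the management scripts perform after an administrator changes the system. Everything in it is assumed for illustration: PCR 17 as the DRTM PCR, PCRs starting at zero, the component names, the constant LUKS key, and the HMAC-derived keystream standing in for encryption under the TPM's Storage Root Key. It does not talk to a real TPM.

```python
import hashlib
import hmac
import os

PCR_BYTES = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def extend(pcr_value, digest):
    """TPM 1.2 TPM_Extend: PCR_new = SHA-1(PCR_old || digest).
    The operation is order-dependent and cannot be undone, which is what
    makes a PCR a trustworthy record of what ran before the kernel."""
    return hashlib.sha1(pcr_value + digest).digest()


class SimulatedTPM:
    """Software stand-in for a TPM 1.2 (example only): 24 PCRs plus a
    seal/unseal pair bound to a chip-internal secret playing the SRK."""

    def __init__(self):
        # Simplification: all PCRs start at zero. A real chip initialises the
        # DRTM PCRs (17-22) differently and resets them on a TXT launch.
        self.pcrs = {i: bytes(PCR_BYTES) for i in range(24)}
        self._srk = os.urandom(32)  # never leaves the "chip"

    def measure(self, index, component):
        """Hash a boot component and extend the chosen PCR with it."""
        self.pcrs[index] = extend(self.pcrs[index], hashlib.sha1(component).digest())

    def composite(self, selection):
        """Digest over the selected PCRs, in the spirit of TPM_COMPOSITE_HASH."""
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(selection))).digest()

    def _keystream(self, comp, n):
        # Key material depends on the SRK *and* the PCR composite, so a blob
        # sealed under one state is useless under another even if the
        # explicit comparison in unseal() were bypassed.
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(self._srk, comp + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def seal(self, secret, selection):
        comp = self.composite(selection)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(comp, len(secret))))
        return {"selection": tuple(sorted(selection)), "digest_at_release": comp, "ciphertext": ct}

    def unseal(self, blob):
        comp = self.composite(blob["selection"])
        if not hmac.compare_digest(comp, blob["digest_at_release"]):
            raise PermissionError("PCR state does not match the sealed state")
        ct = blob["ciphertext"]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(comp, len(ct))))


# Constructed sample boot chain (PCR index, component bytes). On acTvSM the
# real measurements come from TBoot's DRTM launch; these are placeholders.
DRTM_PCR = 17
GOOD_CHAIN = [
    (DRTM_PCR, b"tboot MLE"),
    (DRTM_PCR, b"vmlinuz-trusted"),
    (DRTM_PCR, b"initrd.img-trusted"),
    (DRTM_PCR, b"cmdline root=/dev/mapper/cryptroot"),
]


def boot(tpm, chain):
    """Replay a boot: each component is measured before it 'runs'."""
    tpm.pcrs[DRTM_PCR] = bytes(PCR_BYTES)  # the TXT launch resets the DRTM PCRs
    for index, component in chain:
        tpm.measure(index, component)


def try_unseal(tpm, blob):
    try:
        return tpm.unseal(blob)
    except PermissionError:
        return None


def run_scenario():
    """Seal a root key to the good state, then see what the initrd obtains
    after an identical boot, a tampered boot, and an admin reseal."""
    luks_key = b"\x10" * 32  # constructed stand-in for the root-partition key
    tpm = SimulatedTPM()

    # 1. Admin boots the known-good system and seals the key to PCR 17.
    boot(tpm, GOOD_CHAIN)
    blob = tpm.seal(luks_key, {DRTM_PCR})
    good = try_unseal(tpm, blob)

    # 2. Same machine, kernel and initrd swapped: PCR 17 differs, unseal refused.
    boot(tpm, [(i, c.replace(b"trusted", b"evil")) for i, c in GOOD_CHAIN])
    tampered = try_unseal(tpm, blob)

    # 3. Admin deliberately updates the kernel; the old blob no longer opens,
    #    so the management step reseals the key to the new expected state.
    boot(tpm, [(i, c.replace(b"trusted", b"trusted-v2")) for i, c in GOOD_CHAIN])
    stale = try_unseal(tpm, blob)
    resealed = try_unseal(tpm, tpm.seal(luks_key, {DRTM_PCR}))

    return {"good_boot": good == luks_key, "tampered_boot_refused": tampered is None,
            "stale_blob_refused": stale is None, "after_reseal": resealed == luks_key}


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point the scenario makes is that the key never has to be stored in the clear anywhere on disk: it is released by the (simulated) chip only to a boot whose measurements reproduce the sealed digest, and any change, hostile or legitimate, requires an explicit reseal by someone who already holds the key.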
This is an experimental prototype; it still contains sharp edges to hurt
yourself on, and some debugging code that is obviously contrary to security.
However, there are no bugs ;-)
Again, we want to thank every helping hand who contributed to this platform.
Have fun,
Martin & Ronald
[1] http://trustedjava.sourceforge.net/