Message-ID: <20220810174638.GA7906@srcf.ucam.org>
Date:   Wed, 10 Aug 2022 18:46:38 +0100
From:   Matthew Garrett <mjg59@...f.ucam.org>
To:     Brendan Trotter <btrotter@...il.com>
Cc:     The development of GNU GRUB <grub-devel@....org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Daniel Kiper <daniel.kiper@...cle.com>,
        Alec Brown <alec.r.brown@...cle.com>,
        Kanth Ghatraju <kanth.ghatraju@...cle.com>,
        Ross Philipson <ross.philipson@...cle.com>,
        "piotr.krol@...eb.com" <piotr.krol@...eb.com>,
        "krystian.hebel@...eb.com" <krystian.hebel@...eb.com>,
        "persaur@...il.com" <persaur@...il.com>,
        "Yoder, Stuart" <stuart.yoder@....com>,
        Andrew Cooper <andrew.cooper3@...rix.com>,
        "michal.zygowski@...eb.com" <michal.zygowski@...eb.com>,
        James Bottomley <James.Bottomley@...senpartnership.com>,
        "lukasz@...rylko.pl" <lukasz@...rylko.pl>,
        linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
        James Morris <jmorris@...ei.org>
Subject: Re: Linux DRTM on UEFI platforms

On Wed, Aug 10, 2022 at 06:37:18PM +0930, Brendan Trotter wrote:

> [1] doesn't provide any useful information. How does a kernel know
> that the callback provided by boot loader actually measures what it's
> supposed to measure, or even does anything at all?

The kernel has no way to know this - *any* code you've run before 
performing a measurement could tamper with the kernel such that it 
believes it's fine. This is just as true in DRTM as it is in SRTM. But 
you know what the expected measurements should be, so you're able to 
either seal secrets to those PCR values or rely on remote attestation.

> [1] doesn't provide any useful information. Senter and skinit don't
> provide a method for kernel to detect that (e.g.) a MiTM boot loader
> has always measured a forgery and has changed unmeasured code in a
> different way every time you boot.

Measurements are not opaque objects. If you're not able to reconstruct 
the expected measurement then you're doing it wrong.
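
Added example, not part of the message above and not code from GRUB, the kernel or any other project: a verifier rebuilds the expected PCR value from known-good components and compares it with the reported one, which is what "reconstruct the expected measurement" amounts to in practice. The component names and contents, the SHA-256 bank and the all-zero starting PCR value are assumptions made for the example.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new value = H(old value || measurement digest)."""
    return sha256(pcr + digest)

def replay(digests, initial=bytes(32)):
    """Fold an ordered list of measurement digests into a final PCR value.
    Assumption: the PCR is all zeros when the measured launch begins."""
    pcr = initial
    for d in digests:
        pcr = extend(pcr, d)
    return pcr

def check(reported_pcr, event_log, known_good):
    """event_log: ordered [(name, digest)] as reported by the platform.
    known_good: {name: bytes} holding the components the verifier expects.
    Returns (log replays to the reported PCR, names with unexpected digests)."""
    log_ok = hmac.compare_digest(replay([d for _, d in event_log]), reported_pcr)
    unexpected = [n for n, d in event_log
                  if n not in known_good or d != sha256(known_good[n])]
    return log_ok, unexpected

# Constructed sample inputs (placeholders, not real boot components).
KNOWN_GOOD = {"dlme": b"constructed launch environment",
              "kernel": b"constructed kernel image",
              "cmdline": b"root=/dev/constructed ro"}
ORDER = ["dlme", "kernel", "cmdline"]

def make_log(components):
    return [(n, sha256(components[n])) for n in ORDER]

GOOD_LOG = make_log(KNOWN_GOOD)
GOOD_PCR = replay([d for _, d in GOOD_LOG])
TAMPERED = dict(KNOWN_GOOD, kernel=b"constructed kernel image, modified")
BAD_LOG = make_log(TAMPERED)
BAD_PCR = replay([d for _, d in BAD_LOG])

if __name__ == "__main__":
    print(check(GOOD_PCR, GOOD_LOG, KNOWN_GOOD))  # (True, [])
    print(check(BAD_PCR, BAD_LOG, KNOWN_GOOD))    # (True, ['kernel'])
    print(check(BAD_PCR, GOOD_LOG, KNOWN_GOOD))   # (False, [])
```

The third case is a log that claims the expected components while the PCR holds something else: the replay no longer matches the reported value, so the claim in the log is not accepted.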
