- Open Source News Forums
- > Linux and the Trusted Platform Module (T...
- > TrustedGRUB not really trusted
TrustedGRUB not really trusted 28 September 2009 23:29
TrustedGRUB is not a good example for a TPM security solution because
it suffers from a critical design flaw: it does not verify the
integrity of its "checkfile". This breaks the very security model it
proposes: measure everything that you need to "trust" (linux kernel,
...).
Check out the comment in TrustedGRUB' source file stage2/boot.c in
line 284:
[...] The integrity of the checkfile itself can not be measured here,
it has to be verfied later, [...]
Thus, it's possible to simply modify the checkfile to reflect any
changes made by attackers to the operating system files (linux
kernel, initramfs, ...). For this security system to work as expected
it would be necessary to have cryptographically signed checksums in
the checkfile instead of plain SHA-1 hashes and to have these hashes
validated by TrustedGRUB.
Yours,
Jürgen
- Threaded View
- Flat View
