On Fri, Feb 20, 2009 at 03:03:04AM +0200, Alex Besogonov wrote: > On Fri, Feb 20, 2009 at 2:29 AM, Jan Alsenz <janals...@student.ethz.ch> wrote: > [skip] > > The TPM can proof to another party, that the PCRs have certain > > values (of > > course the communication needs to be established by normal software running > > on > > the machine) > Yes, I'm trying to do remote attestation.
You're confusing things. I think you simply want to ensure data integrity, and the TPM doesn't even do that: it simply puts the problem in hands of a third party. "remote attestation" is only useful when you want to coerce others into running your (generaly proprietary) software. I hope this is not what you want to do. > >> First, I don't think it's possible to implement SHA-1 hashing in MBR - > >> there's probably just not enough space left in 512-byte code segment > >> for that. > > I am very sure of that. > Well, I spoke phcoder on Jabber - there might be a way to do this. > He's going to investigate it. This is unnecessary. Once GRUB supports crypto, it can simply load itself from an encrypted filesystem on disk. An image can be of arbitrary size. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all." _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
