[SeaBIOS] [PATCH v8 0/8] Add TPM support to SeaBIOS
stefanb at linux.vnet.ibm.com
Wed Jul 2 17:57:34 CEST 2014
On 07/02/2014 11:51 AM, Kevin O'Connor wrote:
> On Wed, Jul 02, 2014 at 11:38:44AM -0400, Stefan Berger wrote:
>> This is a repost of a series of patches providing TPM support to SeaBIOS.
>> As an addition, this patch series now works on the Acer C720 Chromebook
>> with limitations (S3 not getting invoked; no logging into TCPA table).
>> The patch series cleanly applies to a checkout of tags/rel-1.7.5.
>> The following set of patches add TPM and Trusted Computing support to SeaBIOS.
> Thanks Stefan. Just to make sure I understand - at a very high-level
> - the goal of the tcg bios is to take "measurements" of the firmware
> so that an OS (or app) can verify that it isn't being run in a
> malicious sandbox (or at least, is running in the same environment
> that it was originally installed in)? That is, the OS can verify
> using cryptographic hashes that the same chain of system boot software
> is in use and thus no new malicious boot loader, option rom,
> etc. could be running. This is all assuming the BIOS itself is not
> attacked (because if the "S-CRTM" is compromised then an attacker
> could replay bogus measurements that an OS would be unable to
> distinguish). Am I correct?
Yes, that's the idea.
More information about the SeaBIOS