Posted by Jamie Hunter [MS] on January 1, 2007, 12:35 pm
Hi Dan,
Hopefully my previous reply touched on this: the system is effectively
compared to the state when BitLocker is enabled.
You may also be interested in reading this:
http://blogs.msdn.com/si_team/archive/2006/10/03/Multi_2D00_boot-Security.aspx --
Jamie Hunter [MS]
> Thanks, I have another question to add. It is my understanding that the
> CRTM and TPM are the trusted base of the system. The CRTM does not
> relinquish control of the system to another piece of code until it takes
> an integrity measurement of the code. This measurement is stored in a PCR
> in the TPM, but the PCRs are cleared upon platform reset. So if the system
> does not have a prior PCR value (an SHA-1 hash) to compare the new
> measurement to, how does it verify that the measurement it just took
> indicates that the code is trustworthy?
>
> My thought is that since the code that is taking the measurement seems to
> be measuring system or application files which do not change, then perhaps
> something like the NIST National Software Reference Library can be used to
> verify the integrity of the code. However, I haven't seen anything about
> this in any of the TCG or MS documentation. Generally the process is just
> described as "each piece of code takes a measurement, writes the metrics
> to the Storage Measurement Log (SML), and then creates a SHA-1 hash of it
> which is stored in the PCR in the TPM."
>
> My problem is, okay the measurement has been taken. How does the system
> know whether the measurement indicates trustworthiness or not?
>
> Thanks
>
> "PA Bear" wrote:
>
>> Forwarded to microsoft.public.windows.vista.security newsgroup via
>> crosspost.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE, OE, Security, Shell/User)
>>
>> Matty wrote:
>> > Hi there all, I am working on a document on Windows Vista TPM Services,
>> > and I have several questions I'm hoping someone can answer as well as
>> > several thoughts I'd like some feedback on. Feel free to address any
>> > combination of my comments/points, but I ask that you please try to be
>> > informative and thoughtful in your reply- I'd like to really learn
>> > something after all ;-)
>> > 1) Is the Endorsement Key used to create the hashes of integrity
>> > monitoring/reporting metrics? If not, what key is used?
>> >
>> > 2) The TBB of a trusted platform is the TPM and the CRTM. The CRTM is
>> > either a portion of or the entire BIOS code. Both of these components
>> > must be trusted, and updates must be controlled. However, currently
>> > 3rd party BIOSes are prevalent, and anyone can update them. If this
>> > situation does not change then basically 1 of the 2 components of the
>> > TBB cannot really be trusted. How can we really ever have a trusted
>> > computing platform if one of the 2 TBBs can be compromised? Perhaps
>> > this issue is being addressed when I read the phrase "TPM-compliant
>> > BIOS."
>> >
>> > 3) A trusted computing platform using a 1.2 TPM, and Windows Vista can
>> > enable Secure Startup and BitLocker drive encryption to secure data
>> > cryptographically. If the drive from this trusted computing platform
>> > is stolen and placed into another system running another operating
>> > system then what is the attacker missing in order to access the data?
>> > The same thing they were missing before the trusted computing platform
>> > was around- the encryption key. Therefore, doesn't the attacker
>> > still have the same methods of brute force attack at their disposal for
>> > cracking the encryption of the volume? How does the TPM make this
>> > different once the drive has been removed from the system?
>> >
>> > 4) I am trying to write scripts to perform basic TPM management tasks.
>> > Microsoft has some documentation on the Win32_Tpm class which is
>> > supposed to be used for this sort of thing, but I have not had any
>> > success getting scripts to work on my Windows Vista 32-bit or 64-bit
>> > installations. In the end I simply tried to search for the Win32_Tpm,
>> > and could not even find it. The method for searching for the class was
>> > to use the script below, and then pipe it to | findstr /I "Win32_Tpm".
>> >
>> > =======================================
>> > ' Enumerate the WMI classes defined directly under the root namespace
>> > strComputer = "."
>> > strNamespace = "\root"
>> >
>> > ' Moniker form: winmgmts:\\<computer>\<namespace>
>> > Set objSWbemServices = GetObject("winmgmts:\\" & strComputer & strNamespace)
>> >
>> > ' SubClassesOf() with no argument lists only the classes in this namespace;
>> > ' classes in child namespaces such as root\CIMV2\Security\MicrosoftTpm
>> > ' (where Win32_Tpm is defined) are not part of the listing
>> > Set colClasses = objSWbemServices.SubClassesOf()
>> > For Each objClass in colClasses
>> >     Wscript.Echo objClass.Path_.Path
>> > Next
>> > =======================================
>> >
>> > I have some more questions floating around somewhere, but this is a
>> > good start.
>> >
>> > Thanks in advance for your replies.
>> >
>> > Matt
>>
>>
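The question Dan raises above (how a freshly measured PCR can mean "trustworthy" when the PCRs are zeroed at reset) and Jamie's answer (the state is compared to what was recorded when BitLocker was enabled) can be made concrete with a small simulation. The Python below is an added example written for this thread; it is not code from any of the posters or from Microsoft. It models a TPM 1.2 style SHA-1 PCR with the extend operation, a stored measurement log that can be replayed against the PCR, and a toy seal/unseal that stands in for the TPM's sealing of the volume key to PCR values. The boot-component byte strings are constructed stand-ins, and the seal/unseal functions only imitate the TPM's policy check, not its cryptography.

```python
import hashlib
import hmac

PCR_LEN = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM_Extend: PCR_new = SHA-1(PCR_old || digest). The TPM keeps only this
    # running hash, so the order and content of every measurement is folded in.
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(chain):
    """Simulate CRTM -> BIOS -> boot manager measurements into a single PCR.

    chain: list of (component_name, component_bytes) in execution order.
    Returns (final_pcr, stored_measurement_log).
    """
    pcr = bytes(PCR_LEN)  # PCRs start at zero after a platform reset
    sml = []              # Stored Measurement Log: what was measured, in order
    for name, code in chain:
        digest = hashlib.sha1(code).digest()  # measure before handing over control
        sml.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, sml


def replay_sml(sml) -> bytes:
    """Recompute the PCR from the log alone.

    If the result equals the value the TPM reports, the log was not altered;
    this is how a verifier reads the log without trusting the logger.
    """
    pcr = bytes(PCR_LEN)
    for _, digest in sml:
        pcr = pcr_extend(pcr, digest)
    return pcr


def seal(secret: bytes, pcr: bytes) -> dict:
    # Toy stand-in for sealing: the expected PCR value is captured at
    # enrolment (the point at which BitLocker is enabled on the reference
    # system). A real TPM would encrypt the secret under its own key.
    return {"expected_pcr": pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    # The TPM releases the secret only when the current PCR equals the sealed
    # one. Note that nothing here decides whether a digest is "good"; the only
    # test is equality with the enrolment-time state.
    if hmac.compare_digest(blob["expected_pcr"], current_pcr):
        return blob["secret"]
    return None


# Constructed sample boot chains (placeholders for real firmware/boot images).
GOOD_CHAIN = [
    ("CRTM", b"crtm v1"),
    ("BIOS", b"bios image v1"),
    ("boot manager", b"bootmgr build 6000"),
]
TAMPERED_CHAIN = [
    ("CRTM", b"crtm v1"),
    ("BIOS", b"bios image v1"),
    ("boot manager", b"bootmgr build 6000 (patched)"),
]


def demo() -> dict:
    # Enrolment: boot the reference system once and seal the key to its PCR.
    enrol_pcr, _ = measured_boot(GOOD_CHAIN)
    blob = seal(b"volume master key", enrol_pcr)

    # Later boots: same chain unseals, a modified boot manager does not.
    good_pcr, sml = measured_boot(GOOD_CHAIN)
    bad_pcr, _ = measured_boot(TAMPERED_CHAIN)
    return {
        "log_matches_pcr": replay_sml(sml) == good_pcr,
        "unseal_unmodified": unseal(blob, good_pcr),
        "unseal_tampered": unseal(blob, bad_pcr),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running it shows the answer to "how does the system know": it does not, in the sense of a table of trusted hashes. The PCR is an opaque running hash, and the only judgement the TPM makes is whether that hash equals the one present when the secret was sealed. A reference database such as the NSRL could in principle be used by an external verifier reading the log, but that verifier would still have to replay the log against the PCR first, as `replay_sml` does, to know the log is genuine.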