diff --git a/echo b/echo new file mode 100644 index 0000000..e69de29 diff --git a/echo hello world b/echo hello world new file mode 100644 index 0000000..e69de29 diff --git a/hello world b/hello world new file mode 100644 index 0000000..e69de29 diff --git a/references/strongswan-ima.pdf b/references/strongswan-ima.pdf deleted file mode 100644 index 8c7aa20..0000000 Binary files a/references/strongswan-ima.pdf and /dev/null differ diff --git a/thesis/02_background.tex b/thesis/02_background.tex index 25b7818..d654967 100644 --- a/thesis/02_background.tex +++ b/thesis/02_background.tex @@ -226,7 +226,7 @@ These checksums are checked against a signature database, which is held within t The signatures are created with the platform key (PK) which is by default owned and managed by Microsoft. Although it is possible to install a new own PK and sign relevant software with it, you can only boot software signed from Microsoft by default when secure boot is enabled. -Shim is the gatekeeper for OSes not maintained by Microsoft. +Shim is the gatekeeper for OSes not maintained by Microsoft. The binary is signed with the official PK and uses itself a self signed CA to sign further executables. A detailed description how shim works on Ubuntu is shown on their corresponding Wiki page\cite{ubuntuwiki20}. Only this workflow enables secure boot when using Linux OSes. 
@@ -236,6 +236,13 @@ When using an own PK, you loose the benefit of having externally created and sig Secure and trusted boot can, however, exist side by side on one system. The benefit of using it seems to be very limited when not using a Microsoft OS. +\subsection{Intel TXT}% +\label{sub:intel_txt} +Intel developed a solution to build a trusted environment on a hypervisor which they call \emph{Trusted Execution Technology} (TXT). +It requires an enabled TPM on the hypervisor as well as an activated trusted boot workflow. +\ToDo + + \section{Integrity Measurement Architecture}% \label{sec:integrity_measurement_architecture} diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf index 3d67124..4c49444 100644 Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ
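Review bot: The three new files `echo`, `echo hello world` and `hello world` at the top of the patch are all empty (index 0000000..e69de29 is the empty blob) and their names look like a mistyped shell command rather than thesis content. Drop them from the commit before merging.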
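Review bot: In the first hunk of thesis/02_background.tex (@@ -226) the removed and added "Shim is the gatekeeper for OSes not maintained by Microsoft." lines read identically, so this looks like a whitespace-only change riding along with the TXT addition. Either leave the line untouched or move whitespace cleanup into its own commit so the history of that paragraph stays readable.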
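Review bot: The new Intel TXT subsection in the second hunk of thesis/02_background.tex (@@ -236) ends in a bare \ToDo and states two requirements without a \cite, unlike the shim paragraph earlier in the file, which points at \cite{ubuntuwiki20}. Add a reference for TXT and resolve or track the \ToDo before this lands. The wording "an enabled TPM on the hypervisor" should also be revisited: the TPM belongs to the platform the hypervisor runs on, so "on the host platform" would be more precise. The hunk also adds two blank lines before \section{Integrity Measurement Architecture}; one is enough.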
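Review bot: references/strongswan-ima.pdf is deleted and thesis/MAIN.pdf is updated as a binary blob, and neither change can be checked from the visible hunks. Confirm that no \cite in the thesis still depends on the removed strongSwan IMA reference, and consider keeping the built MAIN.pdf out of version control so that commits contain only reviewable source changes.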