\chapter{Implementation}
\section{Trusted Boot}
\begin{itemize}
\item Trusted Boot with GRUB 2.04: TPM support available; PCR mapping
\item Secure Boot with Unified Kernel; another PCR mapping
\item Benefits and drawbacks of both variants
\end{itemize}

Limitations due to bad implementation at the BIOS level; no certificate verification infrastructure available for TPMs? Needs to be proven for correctness.

\section{Integrity Measurement Architecture}
Available on Ubuntu, Red Hat and optionally Gentoo.
The kernel has the correct compile options set.

\subsection{Handling external hardware}
How can the camera and fingerprint sensor be trusted?
What is the limitation of this solution?

\section{Interaction with TPM2}
tpm2-tools 4.x are usable to interact with the TPM from the command line.
Available on all major releases after summer 2019.
Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions.

\section{Direct Anonymous Attestation}
DAA Project from Xaptum: Working DAA handshake and possible TPM integration.
Requires an Attestation Key which is secured with a password policy.