Some questions about TPM and rollback


Mark Du

May 18, 2015, 8:51:01 PM5/18/15
to chromiu...@chromium.org
As we know, the TPM maintains an NVRAM rollback counter.
I get confused with this counter.
Who increments the counter?
How does it notice a rollback? From hardware or software?
And can it be virtualized?

Luigi Semenzato

May 18, 2015, 9:13:29 PM5/18/15
to Mark Du, Chromium OS dev
The read-only firmware increments the counter when a new version of
the read-write firmware has been verified.

The read-write firmware increments the counter when a new version of
the kernel has been verified and has booted successfully.

The code that does the verification (i.e. checks that the crypto hash
of the next stage of software has been signed with Google's private
key) also checks that the version number in the next stage is greater
than or equal to the "stored" version number (i.e. the one it expects).

Not sure what you mean by "virtualized".

There are very detailed docs about this at www.chromium.org.

Cheers! :)
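The verify-then-advance logic Luigi describes, as an added example that is not part of the thread and not Chromium OS firmware code: an HMAC tag and a constructed key stand in for the RSA signature made with Google's private key, and the TPM NVRAM slot is modelled as a plain Python object.

```python
import hashlib
import hmac

# Constructed stand-in for the signing key; real verified boot checks an RSA
# signature against a public key baked into the read-only firmware.
SIGNING_KEY = b"constructed-demo-signing-key"


class RollbackError(Exception):
    """Next stage carries a version older than the one stored in NVRAM."""


class Nvram:
    """Minimal model of the TPM NVRAM slot holding the stored version."""

    def __init__(self, stored_version: int):
        self.stored_version = stored_version


def sign_stage(payload: bytes, version: int) -> bytes:
    """Tag the (version, hash of payload) pair; the version is covered by the
    signature so an attacker cannot relabel an old image as a newer one."""
    digest = hashlib.sha256(payload).digest()
    msg = version.to_bytes(4, "big") + digest
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()


def verify_next_stage(nvram: Nvram, payload: bytes, version: int,
                      signature: bytes) -> bool:
    """Model of the verifier in the thread: check the signature over the next
    stage first, then refuse any version below the stored one. Equal versions
    are accepted, matching the 'greater than or equal' rule."""
    expected = sign_stage(payload, version)
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature check failed")
    if version < nvram.stored_version:
        raise RollbackError(
            f"version {version} is older than stored version "
            f"{nvram.stored_version}")
    return True


def record_successful_boot(nvram: Nvram, version: int) -> int:
    """After a verified newer stage has booted, move the stored version
    forward. It never moves backward, which is what blocks a later rollback."""
    if version > nvram.stored_version:
        nvram.stored_version = version
    return nvram.stored_version
```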

Mark Du

May 18, 2015, 9:22:56 PM5/18/15
to chromiu...@chromium.org, mark...@gmail.com
On Tuesday, May 19, 2015 at 9:13:29 AM UTC+8, Luigi Semenzato wrote:

Thanks a lot for your reply! :)