2005-11-24 S. Munetoh Initial version
This is an enhancement of the Linux boot loader Grub that adds TCG measurement
capability. It supports TCG 1.1b compliant PCs.
Main features are:
- Measurement during the process of loading Grub:
  - Stage 1 measures the first sector of Stage 1.5 (or Stage 2). Stage 1 (= MBR)
    itself is measured by the platform BIOS (e.g. the ThinkPad BIOS) when it is loaded.
  - The first sector of Stage 1.5 (or Stage 2) measures the remaining sectors.
    Stage 1.5 then measures Stage 2.
- Just after Grub has booted, it measures the configuration file grub.conf. It then
  measures the files listed in that configuration file, in the order given there.
Environment:
- TCG 1.1b compliant PC. The BIOS must support the TCG INT 1Ah interface (AX=BBxxh).
- TCG functions must be enabled in the BIOS setup.
Links
GNU GRUB http://www.gnu.org/software/grub/grub.html
GNU GRUB Mailing List Archive http://lists.gnu.org/archive/html/bug-grub/
TCG https://www.trustedcomputinggroup.org/home
First, create a Grub boot floppy with the current Grub:
# /sbin/mke2fs /dev/fd0
# mount -t ext2 /dev/fd0 /mnt/floppy
# /sbin/grub-install --root-directory=/mnt/floppy '(fd0)'
# cp /boot/grub/menu.lst /mnt/floppy/boot/grub/grub.conf
# umount /mnt/floppy
If your PC does not have a (legacy) floppy drive, this may not work. :-(
1) Create the boot disk on another PC that has a legacy floppy drive, then copy
   your menu.lst file onto the Grub boot floppy.
2) Try a USB floppy drive. In the following, /dev/sda is the USB floppy; check
   which device node your USB drive actually got before running mke2fs on it.
# /sbin/mke2fs /dev/sda
# mount -t ext2 /dev/sda /mnt/floppy
# /sbin/grub-install --root-directory=/mnt/floppy --recheck '(fd0)'
(some warnings, and it fails)
Fix /mnt/floppy/boot/grub/device.map, e.g.:
(hd0) /dev/hda
(fd0) /dev/sda
then try again:
# /sbin/grub-install --root-directory=/mnt/floppy '(fd0)'
(some warnings, but it finishes)
# cp /boot/grub/menu.lst /mnt/floppy/boot/grub/grub.conf
# umount /mnt/floppy
Before moving to the next step, please check that this boot floppy actually boots!
If it does, build the new Grub.
For Grub 0.94 and 0.95, the patches are made against the Grub SRPM package from Red Hat.
Copy all patch files into /usr/src/redhat/SOURCES, then:
# rpm -i grub-0.94-5.src.rpm
# cd /usr/src/redhat/SPECS
# patch grub.spec ../SOURCES/grub-0.94.spec.patch
# rpmbuild -bb grub.spec
# cd ../RPMS
# rpm -Uhv --force grub-0.94-5tcg.i386.rpm
Install the new Grub:
# /sbin/grub-install /dev/hda
# sync
# reboot
For Grub 0.96 and 0.97, the patches are made against the original Grub source.
$ tar xvfz grub-0.96.tar.gz
$ cd grub-0.96
$ patch -p1 -b < grub-0.96-tcg.patch
$ autoreconf --install --force
$ ./configure --prefix=PATH
$ make
$ su
# make install
# PATH/sbin/grub-install /dev/hda
# sync
# reboot
From the next boot, you will see some TCG messages.
To restore the original Grub, get the original RPM package (some packages are
available here, see section 2.1):
# rpm -Uhv grub-0.94-5.i386.rpm
# /sbin/grub-install /dev/hda
By default, Grub measures itself and extends PCR #4 during its loading process.
The PCR to be extended can be changed by defining the TCG_GRUB_PCR_INDEX macro
(default is PCR4) when compiling Grub. The actual measurement is done in the
following steps.
(a) In the case Stage 1.5 is loaded (default when booting from HDD):
- Stage 1 measures the first sector of Stage 1.5.
- The first sector of Stage 1.5 measures the remaining sectors. Usually this is
  done in one measurement, but it may take several measurements depending on how
  fragmented Stage 1.5 is in the file system.
- After loading the remaining sectors, Stage 1.5 measures Stage 2.
(b) In the case Stage 1.5 is not loaded (default when booting from FDD):
- Stage 1 measures the first sector of Stage 2.
- The first sector of Stage 2 measures the remaining sectors. At most 127 sectors
  (= 65024 bytes) are measured per measurement, which is the unit used by the
  BIOS INT 13h call. This usually takes two measurements, but may take more
  depending on how fragmented Stage 2 is in the file system.
Note that because the number and size of these measurements depend on the on-disk
layout, the resulting PCR4 value can change after Stage 1.5 or Stage 2 is rewritten
on disk (e.g. by grub-install) even if the file contents are unchanged; expected
PCR4 values must be re-derived after such a change.
By default, Grub measures the configuration file (/boot/grub/grub.conf) and extends
PCR #5 before it interprets the file. The PCR to be extended can be changed by
defining the TCG_GRUB_CONF_PCR_INDEX macro (default is PCR5) when compiling Grub.
If you execute a command that reloads the Grub environment (e.g. display) on the
Grub console, the configuration file is measured again, so PCR5 is extended once more.
Default PCR assignment

define                  | default value | description
TCG_GRUB_PCR_INDEX      | 4             | for Grub Stage 1, 1.5 and 2
TCG_GRUB_CONF_PCR_INDEX | 5             | for grub.conf
TCG_FILE_PCR_INDEX      | 8             | any file
Example grub.conf using the measure command and the --pcr option:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda2
#          initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title Fedora Core (2.6.6-1.435) SELinux Enforced Mode
        root (hd0,0)
        measure (hd0,0)/etc/security/selinux/policy.17 9
        measure (hd0,0)/opt/jdk1.4.2/jre/lib/security/java.policy 9
        measure (hd0,0)/opt/jdk1.4.2/jre/lib/security/java.security 9
        kernel /boot/vmlinuz-2.6.6-1.435 ro root=LABEL=/ enforcing=1 rhgb quiet 3
        initrd /boot/initrd-2.6.6-1.435.img
title Fedora Core (2.6.6-1.435) SELinux Permissive Mode
        root (hd0,0)
        measure (hd0,0)/etc/security/selinux/policy.17 9
        measure (hd0,0)/opt/jdk1.4.2/jre/lib/security/java.policy 9
        measure (hd0,0)/opt/jdk1.4.2/jre/lib/security/java.security 9
        kernel --pcr=8 /boot/vmlinuz-2.6.6-1.435 ro root=LABEL=/ enforcing=0 rhgb quiet
        initrd --pcr=8 /boot/initrd-2.6.6-1.435.img
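A verifier that wants to check PCR values reported by this Grub needs the expected values, which follow from the extend chain described above (PCR_new = SHA-1(PCR_old || SHA-1(file))) applied to grub.conf itself (PCR5) and then to each measured file in the order the selected title entry lists them. The script below is an added example, not code from the TCG Grub project: it reads a grub.conf text, extracts the measurements one entry would trigger (measure lines, plus the file argument of kernel/initrd/module/modulenounzip/chainloader with --pcr= or the PCR8 default), and computes the resulting PCR values. The sample config and the file contents are constructed stand-ins; the initial PCR values are assumed to be all zeros, which only holds for PCRs nothing else (BIOS, Stage 1/1.5/2) has extended before Grub reads grub.conf. PCR4 follows the same extend chain over the stage sectors, but its input depends on the exact sector chunks described above, so it is passed in through `initial` rather than derived here.

```python
import hashlib
import shlex

# Default PCR assignment from the page (TCG_GRUB_CONF_PCR_INDEX, TCG_FILE_PCR_INDEX).
CONF_PCR = 5
FILE_PCR = 8
NUM_PCRS = 16                      # TCG 1.1b TPMs have 16 PCRs
ZERO_PCR = b"\x00" * 20            # PCR value after reset (SHA-1 sized)
# Commands that measure their file argument and accept --pcr= (from the page).
MEASURING_CMDS = {"chainloader", "initrd", "kernel", "module", "modulenounzip"}


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend semantics: PCR_new = SHA-1(PCR_old || digest)."""
    return sha1(pcr + digest)


def measurements_for_entry(conf_text: str, entry_index: int = 0) -> list:
    """Return the (pcrindex, path) measurements that one 'title' entry triggers, in order."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        cmd, args = words[0], words[1:]
        if cmd == "title":
            entries.append([])
            continue
        if not entries:
            continue               # global settings before the first title
        if cmd == "measure":       # measure FILE PCRINDEX [nolog]
            entries[-1].append((int(args[1]), args[0]))
        elif cmd in MEASURING_CMDS:
            pcr, files = FILE_PCR, []
            for a in args:
                if a.startswith("--pcr="):
                    pcr = int(a[len("--pcr="):])
                elif not a.startswith("--"):
                    files.append(a)
            # The first non-option word is the image; the remaining words
            # (kernel parameters) are not measured.
            entries[-1].append((pcr, files[0]))
    return entries[entry_index]


def expected_pcrs(conf_text: str, files: dict, entry_index: int = 0, initial=None) -> dict:
    """Replay what Grub extends after loading grub.conf.

    `initial` holds the PCR values before Grub reads grub.conf; the all-zero
    default is an assumption that only holds for PCRs untouched up to that point.
    """
    pcrs = dict(initial) if initial else {i: ZERO_PCR for i in range(NUM_PCRS)}
    # Grub measures grub.conf itself into PCR5 before interpreting it.
    pcrs[CONF_PCR] = extend(pcrs[CONF_PCR], sha1(conf_text.encode()))
    for pcr, path in measurements_for_entry(conf_text, entry_index):
        pcrs[pcr] = extend(pcrs[pcr], sha1(files[path]))
    return pcrs


# Constructed sample, cut down from the page's grub.conf example.
SAMPLE_CONF = """\
default=0
timeout=10
title Fedora Core (2.6.6-1.435) SELinux Permissive Mode
        root (hd0,0)
        measure (hd0,0)/etc/security/selinux/policy.17 9
        kernel --pcr=8 /boot/vmlinuz-2.6.6-1.435 ro root=LABEL=/ enforcing=0 rhgb quiet
        initrd --pcr=8 /boot/initrd-2.6.6-1.435.img
"""
# Constructed stand-ins for the file contents; in real use read the files from the disk.
SAMPLE_FILES = {
    "(hd0,0)/etc/security/selinux/policy.17": b"selinux policy bytes",
    "/boot/vmlinuz-2.6.6-1.435": b"kernel image bytes",
    "/boot/initrd-2.6.6-1.435.img": b"initrd bytes",
}

if __name__ == "__main__":
    for idx, value in sorted(expected_pcrs(SAMPLE_CONF, SAMPLE_FILES).items()):
        if value != ZERO_PCR:
            print(f"PCR{idx:2d} {value.hex()}")
```

Because extend is order-sensitive, swapping the kernel and initrd lines, or editing any measured file, yields a different PCR8, which is exactly what makes the values usable as a policy for attestation.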
The following Grub commands are added to access TCG functions.
- measure (new)
Usage: measure file pcrindex [nolog]
Menu/Commandline
Performs a TCG measurement of FILE into the PCR pcrindex. This operation sends a
TPM_Extend command to the TPM (Trusted Platform Module) with the SHA-1 hash of the
file, and creates a TCG_PCR_EVENT record with eventType=EV_CODE_NOCERT (1) in the
TCG log area, which lives in an ACPI non-reclaimable memory area. Note that the
pcrindex value is checked by the system BIOS when the event is logged. If nolog is
specified, no TCG_PCR_EVENT record is created; the PCR is still extended, so a
verifier replaying the event log will not be able to reproduce that PCR value. If
nolog is not specified, the allowed pcrindex may be restricted by the platform
BIOS (for example, the IBM ThinkPad X30 returns an error (3=Unsupported) if
pcrindex is larger than 7).
- pcrread (new)
Usage: pcrread pcrindex
Commandline only
Displays the current value of the PCR (Platform Configuration Register) at index
pcrindex in the TPM (Trusted Platform Module). The Atmel TPM in the ThinkPad X30
etc. has 16 PCRs (pcrindex = 0 ... 15).
- tcglog (new)
Usage: tcglog [lognum]
Commandline only
Displays the TCG event log entry number lognum (a 0-based integer). If lognum is
not specified, all log entries are displayed.
The --pcr option was added to the following Grub commands to specify the PCR that
is extended when they measure the file. If --pcr is not specified, the PCR defined
by TCG_FILE_PCR_INDEX (default is PCR8) is extended.
chainloader [--force] [--pcr=pcrindex] file
initrd [--pcr=pcrindex] file ...
kernel [--type=type] [--no-mem-option] [--pcr=pcrindex] file ...
module [--pcr=pcrindex] file ...
modulenounzip [--pcr=pcrindex] file ...
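The TCG_PCR_EVENT records that measure writes (and that tcglog displays) are what a remote verifier actually receives, so the useful check is to replay the log and compare the result with the PCRs pcrread reports. The script below is an added example, not code from the TCG Grub project: it serializes and parses records in the TCG 1.1b PC-client event layout (PCRIndex u32, EventType u32, Digest[20], EventSize u32, Event[], little-endian), replays every record into a PCR model, and lists PCRs whose replayed value disagrees with the TPM. The sample log is constructed; the event data is assumed to be the file path, since the page does not say what Grub stores there, and treating an all-zero header as the end of the log area is an assumption about how the unused tail of the log region looks.

```python
import hashlib
import struct

EV_CODE_NOCERT = 1                 # eventType that Grub's measure command records
NUM_PCRS = 16
ZERO_PCR = b"\x00" * 20
# TCG_PCR_EVENT: PCRIndex u32, EventType u32, Digest[20], EventSize u32, Event[].
HDR = struct.Struct("<II20sI")


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    return sha1(pcr + digest)


def encode_event(pcr_index: int, event_type: int, digest: bytes, event_data: bytes) -> bytes:
    return HDR.pack(pcr_index, event_type, digest, len(event_data)) + event_data


def parse_log(blob: bytes) -> list:
    """Split a raw log area into (pcr_index, event_type, digest, event_data) tuples.

    Stops at the first all-zero header (assumed to be the unused tail of the area)
    and rejects truncated records and out-of-range PCR indexes.
    """
    events, off = [], 0
    while off + HDR.size <= len(blob):
        pcr_index, event_type, digest, size = HDR.unpack_from(blob, off)
        if pcr_index == 0 and event_type == 0 and digest == ZERO_PCR and size == 0:
            break
        start = off
        off += HDR.size
        if off + size > len(blob):
            raise ValueError(f"truncated event at offset {start}")
        if not 0 <= pcr_index < NUM_PCRS:
            raise ValueError(f"bad PCR index {pcr_index} at offset {start}")
        events.append((pcr_index, event_type, digest, blob[off:off + size]))
        off += size
    return events


def replay(events, initial=None) -> dict:
    """Fold every logged digest into its PCR, starting from reset values."""
    pcrs = dict(initial) if initial else {i: ZERO_PCR for i in range(NUM_PCRS)}
    for pcr_index, _event_type, digest, _event_data in events:
        pcrs[pcr_index] = extend(pcrs[pcr_index], digest)
    return pcrs


def check_against_tpm(events, tpm_pcrs: dict) -> list:
    """Return the PCR indexes whose replayed value differs from what pcrread showed."""
    replayed = replay(events)
    return sorted(i for i, value in tpm_pcrs.items() if replayed[i] != value)


# Constructed log of what 'measure FILE 9', 'kernel --pcr=8' and 'initrd --pcr=8'
# would record; file contents and event data (the path) are assumptions.
SAMPLE_EVENTS = [
    (9, EV_CODE_NOCERT, sha1(b"selinux policy bytes"), b"(hd0,0)/etc/security/selinux/policy.17"),
    (8, EV_CODE_NOCERT, sha1(b"kernel image bytes"), b"/boot/vmlinuz-2.6.6-1.435"),
    (8, EV_CODE_NOCERT, sha1(b"initrd bytes"), b"/boot/initrd-2.6.6-1.435.img"),
]
SAMPLE_LOG = b"".join(encode_event(*e) for e in SAMPLE_EVENTS) + b"\x00" * 64  # zero tail

if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for n, (pcr, etype, digest, data) in enumerate(evts):
        print(f"[{n}] PCR{pcr} type={etype} {digest.hex()} {data!r}")
    honest = replay(evts)
    print("mismatches:", check_against_tpm(evts, {8: honest[8], 9: honest[9]}))
```

A forged digest in the log, or a measurement done with nolog (an extend with no record), both show up as a mismatch on the affected PCR, which is why the log and pcrread should always be checked together.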
CHS support is currently excluded to accommodate the measurement functions. This means that this loader does not boot from a floppy (FDD).
* stage1/stage1.h: Definitions for TCG measurement.
* stage1/stage1.S: Measure stage1.5/2 after loading it.
* stage2/start.S: Measure sector 2+ of stage1.5.
* configure.ac: Added --disable-tcpa option, for users who do not want the
new TCG interface.
* stage2/asm.S: Added some new functions, for TCG operations.
* stage2/builtins.c: Added built in commands for TCG operations.
* stage2/sha1.c: (New) SHA-1 digest calculation functions.
* stage2/sha1.h: (New) Definitions for SHA-1 functions.
* stage2/shared.h: Definitions for externs and wrapping functions.
* stage2/stage1_5.c: Measure stage2 after loading it.
* stage2/stage2.c: Measure configuration file.
* stage2/Makefile.am: Added sha1 module.
Tested machines:

Machine (type)                           | BIOS Version                     | Status
IBM ThinkPad X30 (2672-4HJ)              | BIOS 1.0.7, EC 1.0.5             | OK (following bug was fixed)
IBM ThinkPad X30 (2672-4HJ)              | BIOS 1.0.5 (1KET44WW), EC v1.0   | ACPI table is null. This is a BIOS bug; please update your firmware.
IBM ThinkPad T42 (2373-9ZJ)              | 3.14 (1RETDIWW)                  | OK
IBM ThinkPad T41 (2373-9FJ)              | 3.03 (1RETCWW)                   | OK
IBM ThinkPad T30 (2366-97J)              | 2.07                             | OK (following bug was fixed)
IBM ThinkPad T30 (2366-97J)              | 2.04-2.06                        | Missing TCG event log table in the ACPI table.
IBM ThinkPad T30 (2366-97J)              | 2.03                             | OK
IBM ThinkPad R40 (2681-KUJ)              | 1.12 (1OET46WW)                  | Fail, TCG BIOS returned error=4
IBM ThinkPad R32 (2658-N5J)              | 2.15 (1MET96WW), 2.12 (1MET93WW) | Boot fails, halts at Stage 1 :-(
IBM ThinkCentre S50 UltraSlim (8086-A4J) | 2DKT11AUS                        | OK
IBM ThinkCentre S50 (8183-G9J)           | 2AKT44AUS                        | OK (following bug was fixed)
IBM ThinkCentre S50 (8183-G9J)           | 2AKT38AUS                        | At Stage 2, the TCG_LogExtend BIOS call does not work for PCR8-15. Use PCR7 for O/S measurement.