Sign up or log in Sign up using Google. Sign up to join this community. There is no signature check. European Multilaterally Secure Computing Base. Note that this is not secure yet. We will contact you shortly. It depends on your requirements.


Uploader: Kikree
Date Added: 2 May 2012
File Size: 60.39 Mb
Operating Systems: Windows NT/2000/XP/2003/2003/7/8/10 MacOS 10/X
Downloads: 14093
Price: Free* [*Free Regsitration Required]

Home Solutions Cybersecurity Overview. I have not implemented the mini-system with the server key, nor the smartphone app that would receive QR codes. Scolytus Scolytus 4 4 silver badges 17 17 bronze badges.

New TrustedGRUB out now | EMSCB

Simply fill out this form and we will get right back to you. If the system fails to unseal the SSH server key, then a different key not a secret key should be used. It may look the same, and provide the same boot text, but the password is sent off to the attacker when you type it.


Super User works best with JavaScript enabled. How do we handle problem users? Additionally, a sourceforge-project page including a mailing list trustedgrubb setup at http: The new release comes with more features, faster measurement, and better TPM support. If you don’t do either, you can’t trust your platform configuration.



More features included into turstedgrub release are: The security of the server now relies on the secrecy of the server key, so how do we keep that secret?

Sign up using Facebook.

The solution is instead to log in with SSH in a very small mini-system, such as trystedgrub initrd image. Overview of the solution First of all, full disk encryption using dm-crypt. The iPad locks you out anyway.

boot – Can I use the TPM on linux without TrustedGrub? – Super User

Of course, take ownership of the TPM and reboot first. Your browser does not support the video tag.

For more information, please read http: The attacker can buy a new server that looks just like the one you have. TrustedGRUB comes with certain new user-space utilites, which allow the end user to “verify” the correctness of the boot process.

New TrustedGRUB out now

But if you want a secure boot then you have only two options: Asked 6 years, 2 months ago. The registers are now set to the correct state for unsealing the SSH key. Except even worse since they can do this when the real root is unlocked, thus getting at the actual secrets without having to trick you into entering your password. Your request has been sent successfully.


In other words, this is not a protection for gaming consoles or kiosks. I’d like to trustedgfub the TPM to secure my boot process for my linux laptop. I am not aware of anything which is not using trusted grub. Does the bootloader actually matter which bootloader I choose?

TrustedGRUB in new version 1.1.3

Any manual, howto or tutorial I have found about this topic mentions I have to use the TrustedGrub bootloader to keep up the trust chain. This will not protect you against intelligence agencies. Why not just boot the whole system using the TPM secret, instead of just the initrd? The boot sector reads GRUB, and updates a register the same way.