Contact Legal Notice
english | deutsch
CorporateKnowledgeProductsSolutionsConsultingPartnerSupport
TURAYA™ TrustedInfrastructureTelecommunicationOpen-Source Developments
TrustedGRUB

Introduction

TrustedGRUB is an enhancement of the open-source bootloader GNU GRUB, developed together with the Chair for System Security at Ruhr-University Bochum, Germany. In the context of our research & developments in the area of Trusted Computing (TC), support for the Trusted Platform Module (TPM) as specified by the Trusted Computing Group (TCG) has been added.

The main functionality of the GRUB extensions is a connection to the TPM to measure the binary configuration (i.e., the identity) of modules to be loaded. The measurement is done using a SHA-1 hash function. The resulting measurements are then securely stored within the so-called "Platform Configuration Registers (PCR)" of the TPM. These values can then be used by local and remote systems to verify the software configuration running on the TPM-enabled platform.

TrustedGRUB has been succesfully tested using the following TPMs:

  • Atmel AT97SC3201 (version 1.1.0.6 on IBM Thinkpad T40)
  • Atmel AT97SC3201 (version 1.1.0.6 on IBM Thinkpad T41p)
  • Atmel TPM 1.2 (on IBM Thinkpad T60)
  • Infineon SLD 9630 TT 1.1b (on Intel D865-Mainboard)
  • Infineon SLB 9635 TT 1.2 (on Intel D865-Mainboard)
  • Infineon SLB 9635 TT 1.2 (on AMD Pacifica)
  • Infineon SLB 9635 TT 1.2 (on HP nc6320)
  • NSC TPM 1.1b (on IBM Thinkpad T43)
  • STM 1.2 (on Intel D945-Mainboard)

Altough TrustedGRUB is mainly used in combination with our security kernel Turaya, it has also been successfully used with the following systems:

  • Linux
  • Xen
  • Windows 2000 / XP / Vista

How does TrustedGRUB work?

A computer system equipped with a TPM offers certain new functionality to enhance the security of the system. The TPM itself is a small chip mounted on or integrated in the motherboard. It has internal memory to securely store cryptographic keys and integrity measurements of the underlying computing platform. It is equipped with a cryptographic enginge needed for encryption / decryption and for signing / verifying. Additionally, the TPM is equipped with a random number generator to create secure cryptographic keys.

The TPM itself is a passive chip, which can be compared to an integrated smartcard; the TPM alone is not able to enhance trust into an existing computer system. In order to actually build a trustworthy system and in order to use the functionality provided by the TPM, the system has to have a so-called "root of trust". The "root of trust" is the security anker, with which it is possible to build a so-called "chain of trust". Every link in the chain has been measured by the prior one. The anker itself is realised by enhancing the computer BIOS with a "Core Root of Trust for Measurement (CRTM)". This is the only instance, which - beneath the TPM - has to be trustworthy.

The CRTM will be the first instance of the boot process. Its task is to measure the BIOS and extend the integrity test into a so-called Platform Configuration Register (PCR) (The TPM offers at least 16 PCRs), which is located inside the TPM. Afterwards, the BIOS measures additional ROMs, configuration and data and also stores those information in specified PCRs.

Afterwards, the BIOS loads and measures the bootloader of the operating system (located in the Master Boot Record (MBR)) and transfers control to it. Up to this point, the system configuration has been measured and it is possible to verify the current system configuration by examining the content of the PCRs.

Our TrustedGRUB enhancement of the original GRUB bootloader continues the integrity measurements and therefore extends the chain-of-trust by measuring and extending the operating system, which is loaded through the bootloader. This enables the possibility to attest, that the booted system configuration is indeed the intendend system configuration and that it has not been manipulated or exchanged by malicious software / attackers / whatever.

Furthermore, TrustedGRUB is able to verify any arbitrary file, which does not have to be loaded for the operating system on boot time, but is important for the security of the platform (e.g., /etc/passwd or additional kernel modules, gpg-keys, ...).

This feature is realised by providing a "checkfile"-option, where TrustedGRUB will load and verify the given files by comparing the SHA1-results with a precalculated values stored in the checkfile. All files verified are additionally extended into a PCR, too. Additionally, a TPM can be used to encrypt data in such a way that the data is "sealed" to a certain platform configuration, i.e., it can only be decrypted if the booted configuration has not changed in the meantime. Therefore, it becomes impossible to bypass security policies by booting another operating system or by extracting the harddisk.

Prior releases of TrustedGRUB used the SHA1-measurement offered in hardware by the TPM. This has been exposed to be the bottleneck of the boot process, since all data loaded through GRUB had to be sent to the TPM. In our new version, we implemented the SHA1-measurement in software giving us the ability of major speed increases. In order to prevent race conditions, all files are measured during the loadage process and can therefore not be changed during and after the measurements. After succesfully loading a file, the resulting SHA1-hash-value will be extended into one PCR.

More Information & Download

More information about TrustedGRUB can be found on the sourceforge webpages and the Trusted Computing Support Forum.

blauer Pfeil TrustedGRUB webpage at  Sourceforge
blauer Pfeil Trusted Computing Support Forum
© 2010 by Sirrix AG Anmelden