Trusted Disk Loading in Emulab

After trials and tribulations, trusted disk loading via TPM is here.

How it works

  • A node with a TPM chip is powered on. The BIOS and the boot device are measured with the TPM. In this case, the boot device is the TPM-enabled iPXE USB dongle.
  • iPXE proves to the server that the BIOS and iPXE are unmodified by sending a quote. These quotes are cryptographically verifiable.
  • iPXE fetches the next stage and measures it with the TPM into PCR 8 (see PCR meanings below). This next stage is a TPM-aware Grub2.
  • Grub2 fetches the kernel and MFS for imaging. It measures both pieces into PCR XXX.
  • The MFS uses tmcc and a quote to prove to the server that the MFS is unmodified and to retrieve the image encryption key over SSL.
  • Secure frisbee loads the image (securely, of course!).
  • The MFS uses tmcc to notify the server that it is done.

PCR meanings

  • 0-5 are automatically used by the BIOS to measure the BIOS code and configuration, option ROMs and configurations, and IPL code and configurations.
  • 8 is iPXE measurements.
  • 10 is Grub2 measurements.
  • 11 is Grub2 configuration and loaded files.
  • 15 is the sign-off PCR.
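
The measure-then-quote check from "How it works", as an added example that is not Emulab's own code: the server replays the known-good boot chain to get expected values for PCRs 8 and 11, then accepts a quote only if it is signed over the server's fresh nonce and those PCRs match. Assumptions: a SHA-1 PCR bank with the TPM 1.2-style extend rule, an HMAC standing in for the TPM's quote signature, a simplified quote layout, and constructed sample blobs and key.

```python
import hashlib, hmac, os

PCR_SIZE = 20  # assumption: SHA-1 PCR bank (TPM 1.2 style)

def extend(pcr: bytes, data: bytes) -> bytes:
    """Extend rule: new PCR = SHA1(old PCR || SHA1(data)); order-sensitive."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def replay(measurements):
    """Replay a boot chain given as [(pcr_index, blob), ...] from all-zero PCRs."""
    pcrs = {}
    for index, blob in measurements:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), blob)
    return pcrs

def composite(pcrs, nonce):
    """Digest over the quoted PCRs plus the server nonce (simplified layout)."""
    h = hashlib.sha1()
    for index in sorted(pcrs):
        h.update(index.to_bytes(1, "big") + pcrs[index])
    h.update(nonce)
    return h.digest()

def make_quote(key, pcrs, nonce):
    """Node side. HMAC is a stand-in for the TPM's signature over the quote."""
    sig = hmac.new(key, composite(pcrs, nonce), "sha1").digest()
    return {"pcrs": dict(pcrs), "sig": sig}

def verify_quote(key, quote, nonce, expected):
    """Server side: check signature and nonce first, then the PCR values."""
    want = hmac.new(key, composite(quote["pcrs"], nonce), "sha1").digest()
    if not hmac.compare_digest(want, quote["sig"]):
        return False, "bad signature or stale nonce"
    for index, value in expected.items():
        if quote["pcrs"].get(index) != value:
            return False, f"PCR {index} mismatch"
    return True, "ok"

# Constructed sample data: PCR 8 holds the Grub2 stage, PCR 11 its config/files.
KEY = b"constructed-demo-key"
GOOD_CHAIN = [(8, b"grub2 stage"), (11, b"grub.cfg"), (11, b"loaded file")]
EXPECTED = replay(GOOD_CHAIN)

def demo():
    nonce = os.urandom(20)
    good = make_quote(KEY, replay(GOOD_CHAIN), nonce)
    tampered = [(8, b"grub2 stage"), (11, b"grub.cfg edited"), (11, b"loaded file")]
    bad = make_quote(KEY, replay(tampered), nonce)
    return (verify_quote(KEY, good, nonce, EXPECTED),          # honest node
            verify_quote(KEY, bad, nonce, EXPECTED),           # modified config
            verify_quote(KEY, good, os.urandom(20), EXPECTED)) # replayed old quote
```

The server would release the image encryption key only on the first outcome; a valid signature over unexpected PCR values is still a rejection.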