
Bios Authorized ICE session

IP.com Disclosure Number: IPCOM000015085D
Original Publication Date: 2001-Aug-11
Included in the Prior Art Database: 2003-Jun-20
Document File: 1 page(s) / 38K

Publishing Venue

IBM

Abstract

The TCPA specification Version 1.0 defines an architecture for system integrity measurement. Trusted code, the Root of Trust for Measurement (RTM), measures the BIOS, option ROMs, IPL code and other components as they are loaded, and records each measurement by extending it into the TPM's Platform Configuration Registers (PCRs). The PCR values can later be used to verify every piece of code that was loaded during the boot process: a platform that booted a given set of code produces a distinctive set of PCR values, so a challenger who knows the expected values can verify the integrity of the platform.



Bios Authorized ICE session

An attacker could subvert this process with an In-Circuit Emulator (ICE): by halting the CPU, the attacker can block every access to the TPM while the boot code runs, so no measurements are recorded, and afterwards extend whatever values are needed to reproduce the PCR state of a trusted boot. This allows the attacker to load code that attacks the system's integrity while the platform still appears trustworthy to a challenger. The current TCPA specification acknowledges this attack and specifies no safeguard against it.
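As an added illustration (not part of the original disclosure), the following Python emulates the SHA-1 PCR extend operation of a TCPA 1.0 TPM, a measured boot over constructed BIOS, option ROM and IPL stand-ins, and the ICE attack described above: the RTM's extends are blocked while trojaned code runs, then the digests of the genuine images are replayed so the PCR ends at exactly the value a challenger expects. The image names and contents are constructed for the example.

```python
import hashlib
import hmac

# TCPA 1.0 TPMs use SHA-1 PCRs; every PCR holds 20 zero bytes after reset.
PCR_RESET = b"\x00" * 20


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || digest).

    A PCR can never be written directly, only extended, so its final value
    depends on every digest extended into it and on their order.
    """
    if len(pcr) != 20 or len(digest) != 20:
        raise ValueError("SHA-1 PCR and digest must each be 20 bytes")
    return sha1(pcr + digest)


# Constructed stand-ins for the boot-time code the RTM measures (not real
# firmware images).
GENUINE_BOOT = [
    ("bios", b"genuine BIOS image"),
    ("option_rom", b"genuine option ROM image"),
    ("ipl", b"genuine IPL code"),
]
TROJANED_BOOT = GENUINE_BOOT[:2] + [("ipl", b"trojaned IPL code")]


def measured_boot(images) -> bytes:
    """Emulate the RTM: hash each image before it runs and extend the digest
    into the PCR in boot order. Returns the resulting PCR value."""
    pcr = PCR_RESET
    for _name, image in images:
        pcr = extend(pcr, sha1(image))
    return pcr


def ice_attack(genuine_images, attacker_images) -> dict:
    """The attack the disclosure describes, emulated.

    With an ICE attached, the attacker (1) lets the boot run the attacker's
    own code while every TPM access is blocked, so the PCR stays at its
    reset value, then (2) extends the digests a genuine boot would have
    produced. Those digests need no secret: they are just SHA-1 of copies
    of the genuine images.
    """
    pcr = PCR_RESET
    ran = [name for name, _image in attacker_images]  # executed, unmeasured
    for _name, image in genuine_images:
        pcr = extend(pcr, sha1(image))  # replayed measurements
    return {"pcr": pcr, "ran": ran}


def challenger_accepts(reported_pcr: bytes, expected_pcr: bytes) -> bool:
    """A challenger knows only the PCR value it expects from a trusted boot
    and compares the reported value against it."""
    return hmac.compare_digest(reported_pcr, expected_pcr)


if __name__ == "__main__":
    expected = measured_boot(GENUINE_BOOT)
    print("genuine boot accepted:",
          challenger_accepts(measured_boot(GENUINE_BOOT), expected))
    print("trojaned boot accepted:",
          challenger_accepts(measured_boot(TROJANED_BOOT), expected))
    forged = ice_attack(GENUINE_BOOT, TROJANED_BOOT)
    print("ICE attack accepted:", challenger_accepts(forged["pcr"], expected),
          "after running", forged["ran"])
```

The forged PCR is bit-for-bit the expected one because a PCR is a pure function of the digests extended into it, not of the code that actually ran; even a TPM-signed quote of that PCR would be genuine. That is why no check on the TPM side can detect the attack, and why the disclosure moves the protection to the debug port itself.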

All hardware ICE tools use the IEEE 1149.1 protocol to communicate with the CPU; the interface is commonly known as the JTAG port (or, on Intel platforms, the ITP port). The following proposal addresses this issue. The system owner initializes each TPM with a password that controls access to the JTAG port. The password must be entered before a debug or ICE session can be enabled on the system; it could be entered from the BIOS Setup screen. Until the password is sent to the TPM, the TDO and TDI lines of the JTAG interface would be hel...