Open Platform Trust Services (PTS) version 0.1

1. Overview

Open Platform Trust Services is a proof-of-concept (PoC) and reference implementation of the Platform Trust Services (PTS) defined by the Trusted Computing Group (TCG).

PTS-related TCG specifications as of 2007/08:
  1. Architecture Part II - Integrity Management Version 1.0, Rev. 1.0
  2. Platform Trust Services Interface Specification (IF-PTS), Version 1.0, Rev 1.0
  3. Core Integrity Schema Specification, Version 1.0.1, Rev 1.0
  4. Simple Object Schema Specification Version 1.0, Rev. 1.0
  5. Security Qualities Schema Specification Version 1.1, Revision 7
  6. Reference Manifest (RM) Schema Specification Version 1.0, Rev. 1.0
  7. Integrity Report Schema Specification Version 1.0, Rev. 1.0
  8. Verification Result Schema Specification Version 1.0, Revision 1.0

1.1. Supported Features

  • Reference Manifest (RM) generation from Integrity Measurement Log (IML)
  • Integrity Report (IR) generation from Integrity Measurement Log (IML)
  • Verification Result (VR) generation from IR and VR
  • Integrity Information Database (for RedHat, CentOS, KNOPPIX, Ubuntu)
  • Vulnerability Information Database (OVAL, CVE, DSA)
  • Validation engine based on Finite State Machine
  • Behavior Models of Platform (BIOS) and Runtime (OS)

1.2. Planned Features

  • XML Signature

1.3. Supported Trusted Computing Platform List

This PTS uses two integrity manifests: platform and runtime. The platform manifest covers BIOS integrity. As it stands, no PC BIOS vendor provides a manifest, so we create the manifest from an existing PC BIOS. The event log is stored in an ACPI table, and the Linux kernel supports access to it.

The runtime manifest will cover Bootloader, Operating System and Virtual Machine Monitor.
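
The BIOS event log mentioned above can be parsed and replayed to recompute the PCR values that a platform manifest would be checked against. The following is an added example, not code from the Open PTS project; it assumes the TPM 1.2 SHA-1 record layout (PCR index, event type, 20-byte digest, event size, event data) and runs on a constructed sample log.

```python
import hashlib
import struct

# TCG 1.2 (SHA-1) record header: PCR index, event type, 20-byte digest, data size.
HEADER = struct.Struct("<II20sI")
NUM_PCRS = 24

def parse_events(log: bytes):
    """Yield (pcr_index, event_type, digest, event_data) for each record."""
    offset = 0
    while offset < len(log):
        if len(log) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        pcr, etype, digest, size = HEADER.unpack_from(log, offset)
        offset += HEADER.size
        # Reject records that point outside the PCR bank or past the end of the log.
        if pcr >= NUM_PCRS or size > len(log) - offset:
            raise ValueError(f"malformed record before offset {offset}")
        yield pcr, etype, digest, log[offset:offset + size]
        offset += size

def replay(log: bytes):
    """Recompute PCRs: PCR_new = SHA1(PCR_old || digest), starting from zeros.

    Assumption: every PCR starts at 20 zero bytes, as the static (BIOS) PCRs do.
    """
    pcrs = [bytes(20)] * NUM_PCRS
    for pcr, _etype, digest, _data in parse_events(log):
        pcrs[pcr] = hashlib.sha1(pcrs[pcr] + digest).digest()
    return pcrs

def make_record(pcr: int, etype: int, data: bytes) -> bytes:
    """Build one constructed sample record whose digest is SHA1(event data)."""
    return HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data

# Constructed sample log (not captured from real firmware).
SAMPLE_LOG = (make_record(0, 0x08, b"constructed BIOS version string")
              + make_record(4, 0x0D, b"constructed boot loader stage")
              + make_record(0, 0x04, b"\x00\x00\x00\x00"))

if __name__ == "__main__":
    # On a Linux host with a TPM 1.2 the log is typically exposed at
    # /sys/kernel/security/tpm0/binary_bios_measurements (root required).
    for index, value in enumerate(replay(SAMPLE_LOG)):
        if value != bytes(20):
            print(f"PCR{index:02d} {value.hex()}")
```

Comparing the replayed values with the PCRs reported by the TPM shows whether the log is complete and unmodified before a manifest or report is generated from it.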

1.3.1. Platform Information (BIOS)

Vendor     Type                              Comments
Lenovo     Thinkpad X60, X61, T60, T61 etc.  Please update the BIOS
Panasonic  W7, Y7, etc.

For more detail, see the table at PlatformInfo PlatformBiosInt1AhInfo

1.3.2. Runtime Information (O/S)

Name                                Status  Comments
KNOPPIX511 Trusted Computing Geeks  VALID   Linux-IMA

Other Linux-based operating systems could also be supported.

1.4. Demonstration

DemoMovie

2. Client Setup Guide

2.1. KNOPPIX

3. Server Setup Guide

4. Reference Manuals

4.1. Command Reference

ToolsCommandReference
TcdemoCommandReference

4.2. Cheat Sheets and tips for TC developers

TPM v1.2 Error Code Cheat Sheet
TSS v1.2 Error Code Cheat Sheet
LinuxDistroComparisonTable
HackingLinuxTpmDeviceDriver

5. Development

Distro           Release     Bootloader (patch)                                  Kernel (patch)
CentOS 5                     (grub-ima)                                          2.6.18
Fedora 7         2007/5/31   (grub-ima)                                          2.6.21
Fedora 8         2007/11/8   (grub-ima)                                          2.6.23
Fedora 9         2008/5/14   grub-0.97-33 (grub-ima)                             2.6.25 - 2.6.27.25 (ibm_ima_8.5_2.6.27.6.patch)
Fedora 10        2008/11/25  grub-0.97-38 (grub-0.97-38.fc10.ima-1.1.0.0.patch)  2.6.27 - 2.6.27.41 (ibm_ima_8.5_2.6.27.6.patch)
Fedora 11        2009/6/9    grub-0.97-50 (grub-ima)                             2.6.29 - 2.6.30.10 (ibm_ima_2.6.29.1.patch)
Fedora 12        2009/11/17  grub-0.97-60 (grub-ima)                             2.6.31 - 2.6.31.12 (need fix for iTPM)
Ubuntu Hardy     2008/4/24   (grub-ima)                                          2.6.24 (ibm_ima_8.3_2.6.24.3.patch)
Ubuntu Intrepid  2008/10/30  (grub-0.97-29ubuntu45-ima-1.1.0.0.patch)            2.6.27 (ibm_ima_8.5_2.6.27.6.patch)
Ubuntu Jaunty    2009/4/23   (grub-0.97-29ubuntu45-ima-1.1.0.0.patch)            2.6.28
Ubuntu Karmic    2009/10/29  N/A (grub2)                                         2.6.31 - 2.6.31-14
Ubuntu Lucid     2010/4/29   N/A (grub2)                                         ?

5.1. Fedora

5.2. Ubuntu

5.3. Eclipse

Links and References

Trusted Computing Group
TrouSerS(TSS)