By Debora Velarde, IBM Linux Technology Center

Someone recently pointed me to a study on the Open Source Trusted Computing Software Stack which was sponsored by The German Federal Office for Information Security (BSI). The study titled “Introduction and Analysis of the Open Source TCG Software Stack TrouSerS and Tools in its Environment” was performed by Sirrix AG security technologies. The study is available in English from the BSI web site. Since the study was published on the BSI site a year ago, some of the information is a little outdated. But it is still a good read for anyone trying to understand the different components that make up the Trusted Computing Software Stack and the relationship between the different components.

The study covers many of components that I was already familiar with: TrustedGRUB [1], GRUB-IMA [2], the Linux TPM Device Driver [3], TrouSerS [4], TPM Tools [5], and the OpenSSL TPM Engine [6]. However, the study also covered some items that I hadn’t known about prior to reading the study: the Open Secure Loader (OSLO) and the TPM Manager. OSLO is a security enhanced bootloader that uses the Dynamic Root of Trust for Measurement [7]. TPM Manager is a graphical user interface for managing the TPM which Sirrix AG helped to develop [8]. One item the study does not cover is Hal Finney’s Privacy CA which Emily blogged about back in January of 2008. For each component included in the study, it provides an overview, some install and configuration information, and an analysis of the quality of the implementation. The quality analysis includes details such as: implementation language, lines of code, whether the code is well commented, available documentation and support such as mailing lists. In the “Compliance and Interoperability” chapter, the study takes a look at each of the components focusing on their compliance with respect to different specifications. Next, the study includes results from testing the components interoperability with SELinux [9], the Xen hypervisor [10], and the Turaya security kernel [11]. If you’ve never heard of the Turaya security kernel, you’re not alone. Information about Turaya is available on the Sirrix AG web site.

In the final chapter, the study makes some conclusions about the Open Source Trusted Computing Software Stack. It states that “the most important building blocks” are “available and robust enough to be used in a wide variety of security-critical services and applications”. The study continues to note that there is currently no application that actually takes advantage of this trusted computing technology. The study also concludes that the results from the interoperability testing with SELinux, Xen, and Turaya, are “high enough to realize TC-enabled applications on top of them.” Finally, the study closes by discussing some open issues including suggestions for improvement.

Related Links:
[1] TrustedGRUB: https://sourceforge.net/projects/trustedgrub
[2] GRUB-IMA: http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html
[3] Linux TPM Device Driver: now part of the Linux kernel http://kernel.org/
[4] TrouSerS: https://sourceforge.net/projects/trousers/
[5] TPM Tools: https://sourceforge.net/projects/trousers/
[6] OpenSSL TPM Engine: https://sourceforge.net/project/showfiles.php?group_id=126012&package_id=165637
[7] Open Secure LOader: http://os.inf.tu-dresden.de/~kauer/oslo/
[8] TPM Manager: https://sourceforge.net/projects/tpmmanager/
[9] SELinux: http://www.nsa.gov/research/selinux/index.shtml
[10] Xen: http://www.xen.org/
[11] Turaya: http://www.sirrix.com/content/pages/50580.htm