Welcome to Sboot
The goal of Sboot is to ensure the software and hardware integrity of a Linux system in an easy and cheap way. The goal is the same as that of a TPM; however, we try to achieve it with either a simple USB key or (in the future) a secure token.
Sboot is an extension of the GRUB bootloader that was developed during the Econfidential ITEA project.
The basic elements of the system are the following:
- a modified GRUB 1.0.1,
- a USB key holding the certificate used to encrypt the user partition. The passphrase to access the certificate is built from the user password and a hardware and software signature computed by the modified GRUB,
- an encrypted user partition,
- PAM, used to mount the encrypted user partition.
The system works as follows:
- on boot, the modified GRUB computes a BIOS signature, a hardware signature (all PCI IDs, RAM, hard disk size), and then a number of file signatures. You choose which files are covered by a signature,
- Linux then boots normally. By the time the login prompt is reached, the USB key (in the current version) must have been plugged in. pam_mount uses the hardware/software signature previously computed by GRUB, together with the user password, as the passphrase for obtaining the encryption certificate.
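
The following sketch is an added example, not Sboot's own code: it shows how a passphrase bound to both the user password and a boot-time measurement stops unlocking the certificate once a measured file changes. The page does not say how Sboot combines the two, so the SHA-256 field encoding, the HMAC and PBKDF2 steps, the function names and all sample values are assumptions.

```python
import hashlib
import hmac

# Constructed sample inventory; every value here is made up for the example.
BASELINE = {
    "bios": b"constructed BIOS image bytes",
    "pci_ids": ["8086:1237", "8086:7000", "10ec:8139"],
    "ram_bytes": 2 * 1024**3,
    "disk_bytes": 80 * 10**9,
    "files": {"/boot/vmlinuz": b"kernel v1", "/sbin/init": b"init v1"},
}

def _field(label, data):
    # Length-prefix label and value so adjacent fields cannot be confused.
    tag = label.encode()
    return len(tag).to_bytes(2, "big") + tag + len(data).to_bytes(8, "big") + data

def measure(inv):
    """Fold BIOS, hardware inventory and chosen files into one digest."""
    h = hashlib.sha256()
    h.update(_field("bios", hashlib.sha256(inv["bios"]).digest()))
    for pci in sorted(inv["pci_ids"]):  # sorted: enumeration order must not matter
        h.update(_field("pci", pci.encode()))
    h.update(_field("ram", inv["ram_bytes"].to_bytes(8, "big")))
    h.update(_field("disk", inv["disk_bytes"].to_bytes(8, "big")))
    for path in sorted(inv["files"]):
        digest = hashlib.sha256(inv["files"][path]).digest()
        h.update(_field("file", path.encode() + b"\0" + digest))
    return h.digest()

def derive_passphrase(password, measurement, salt):
    """Passphrase depends on both the password and the boot measurement."""
    keyed = hmac.new(measurement, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, 200_000).hex()

if __name__ == "__main__":
    salt = b"constructed-per-key-salt"
    good = derive_passphrase("hunter2", measure(BASELINE), salt)
    changed = dict(BASELINE["files"], **{"/sbin/init": b"init v2"})
    bad = derive_passphrase("hunter2", measure(dict(BASELINE, files=changed)), salt)
    print("unchanged system:", good[:16], "...")
    print("modified init   :", bad[:16], "...")
    print("same passphrase :", hmac.compare_digest(good, bad))
```

Any legitimate change to a measured item (a kernel update, added RAM) changes the passphrase too, so the certificate has to be re-protected under the new measurement after such a change.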

