Posted by Ken Y-N on November 27th, 2009 at 04:23pm
With Google recently releasing the design documents for their Chromium (Chrome) OS I was further curious to see if they had considered the Trusted Computing Group’s Mobile Trusted Module, but sadly they had not.
Thinking about the problem, their write-protected region of EEPROM works as a CRTM (Core Root of Trust for Measurement), and this CRTM could be used to initialise either a software or hardware MTM. The code within the firmware may form the Trusted Computing Base, and the core operating system modules on top of that would form a Trusted Building Block, with, of course, a suitable set of RIM (Reference Integrity Metrics) Certificates to verify each step of the MTM’s Secure Boot.
Given that Chromium OS is designed to be a thin client and may feature 3G-based connectivity as well as the usual WiFi, for certain applications the more rigid MTM Secure Boot makes more sense than the looser TPM Trusted Boot. Of course, whichever TCG-based boot method is chosen, the developer/hacker fall-back non-trusted boot path should also be available.