An implementation for firmware TPM and improved SSL/TLS based UEFI remote attestation
This project aims to provide simplified secure boot, based on a remote-attestation approach, for UEFI-capable systems. The UEFI Attestation framework consists of a client side and a server side.
The client side is a DXE driver, which requires network support in the UEFI environment, and the server side provides the authentication service. The connection between server and client is established over SSL/TLS.
- Download and configure EDK II:

  ```
  git clone https://github.com/tianocore/edk2.git
  ```

- Enter the path `$WorkPath/edk2` and clone this repository into it:

  ```
  cd edk2
  git clone https://github.com/Hecmay/UEFI-Attestation.git
  ```
- Set up the OVMF platform description file and QEMU. For details please refer to the following links:
- After setting up the local area network parameters and building OvmfPkg into `OVMF.fd`, launch `ServerSide/server.py` on a server in the same LAN, then boot the OVMF firmware (with the attestation client component built in) in QEMU via `Utility/boot.sh`, using `source boot.sh start`.
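The setup above, carried out as one script with a pre-flight layout check before launch. This is an added example, not tooling from the UEFI-Attestation project; it assumes the `OvmfPkg/OvmfPkgX64.dsc` platform, the GCC5 toolchain, the `NETWORK_TLS_ENABLE` build define (the client's SSL/TLS connection needs the TLS-capable network stack), the default EDK II output path `Build/OvmfX64/DEBUG_GCC5/FV/OVMF.fd`, and `python3` for the server.

```shell
#!/usr/bin/env bash
# Added example, not the project's own tooling. Assumes OvmfPkg/OvmfPkgX64.dsc,
# the GCC5 toolchain, the NETWORK_TLS_ENABLE define and the default EDK II
# output path Build/OvmfX64/DEBUG_GCC5/FV/OVMF.fd.
set -e

WorkPath="${WorkPath:-$HOME/uefi-attest}"
EDK2="$WorkPath/edk2"
PROJECT="$EDK2/UEFI-Attestation"

# Steps 1-2: fetch EDK II (with its submodules, which the TLS stack needs)
# and clone the attestation framework inside the edk2 tree.
fetch_sources() {
    mkdir -p "$WorkPath"
    [ -d "$EDK2/.git" ] || git clone https://github.com/tianocore/edk2.git "$EDK2"
    (cd "$EDK2" && git submodule update --init)
    [ -d "$PROJECT/.git" ] || (cd "$EDK2" && git clone https://github.com/Hecmay/UEFI-Attestation.git)
}

# Step 3: build OvmfPkg with the TLS-capable network stack the client's
# SSL/TLS connection relies on. The attestation DXE driver must already be
# registered in the OVMF DSC/FDF as the project's own instructions describe.
build_ovmf() {
    cd "$EDK2"
    make -C BaseTools
    . ./edksetup.sh
    build -a X64 -t GCC5 -p OvmfPkg/OvmfPkgX64.dsc -D NETWORK_TLS_ENABLE=TRUE
}

# Pre-flight check: every artifact the procedure expects must exist under the
# given edk2 root before anything is launched; returns 1 and names the first gap.
check_layout() {
    root="$1"
    for f in "$root/UEFI-Attestation/ServerSide/server.py" \
             "$root/UEFI-Attestation/Utility/boot.sh" \
             "$root/Build/OvmfX64/DEBUG_GCC5/FV/OVMF.fd"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done
}

# Step 4: start the attestation server on a LAN host, then boot OVMF in QEMU.
launch() {
    check_layout "$EDK2"
    (cd "$PROJECT/ServerSide" && exec python3 server.py) &
    cd "$PROJECT/Utility" && . ./boot.sh start
}

case "${1:-}" in
    fetch) fetch_sources ;; build) build_ovmf ;; launch) launch ;;
esac
```

Run it as `./setup.sh fetch`, `./setup.sh build` and `./setup.sh launch` in that order; with no argument it only defines the functions.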