Remote attestation is a mechanism by which a third party authenticates (i.e., establishes trust in) the software of a target computer system (target system). The third party performing remote attestation is referred to herein as a verifier. A verifier can rely on a trusted platform module (TPM) on the target system for establishing a hardware root of trust. The TPM measures the software running on a target system by calculating and storing checksums of software components. The measurement process starts from a trusted state in the TPM hardware. The verifier can ask the target system for checksums of software components as they were loaded. A composite hash of these measurements is referred to herein as a quote. The verifier receives a quote from the target system, on which it can then base its trust assessment.
In order for the verifier to establish trust in the target computer system, the verifier has to first verify the integrity of the software that the target system is running. The target system maintains a record of the individual checksums of each software component running and the order in which the software components were measured by the TPM. This record is referred to herein as an event log, which includes the name and version of each software module. Since the event log is untrusted, the verifier has to check it against the measurements performed by the TPM and then verify the checksums of the individual software components. The verifier can maintain a white-list of software components and their checksums. However, a target system is typically composed of multiple binaries, each of which comprises multiple modules. As such, the white-list maintained by the verifier can become large and difficult to manage and maintain. Over time, the database storing the white-list grows without bound.
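The two-step check described above (first reconcile the untrusted event log with the TPM measurement, then look up each component in the white-list) can be sketched as follows. This is an added example, not part of the original text; it assumes a TPM-style SHA-256 extend operation over a single measurement register, that the quote's signature has already been validated, and all component names and digests are constructed sample data.

```python
import hashlib

TRUSTED_START = bytes(32)  # assumed trusted initial register state (all zeros)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def extend(register: bytes, digest: bytes) -> bytes:
    # TPM-style extend: new value = SHA-256(old value || measurement)
    return hashlib.sha256(register + digest).digest()

def replay(event_log) -> bytes:
    # Recompute the register by extending each logged checksum in logged order
    register = TRUSTED_START
    for event in event_log:
        register = extend(register, bytes.fromhex(event["digest"]))
    return register

def verify(event_log, quoted_value: bytes, whitelist):
    # Step 1: the log is untrusted until it reproduces the TPM-reported value
    if replay(event_log) != quoted_value:
        return False, ["event log does not match TPM measurement"]
    # Step 2: every logged component must be a known name/version/checksum
    reasons = [
        f"not in white-list: {e['name']} {e['version']}"
        for e in event_log
        if whitelist.get((e["name"], e["version"])) != e["digest"]
    ]
    return not reasons, reasons

# Constructed sample data (hypothetical components)
GOOD_LOG = [
    {"name": "bootloader", "version": "1.0", "digest": sha256_hex(b"bootloader-1.0")},
    {"name": "kernel", "version": "5.4", "digest": sha256_hex(b"kernel-5.4")},
]
WHITELIST = {(e["name"], e["version"]): e["digest"] for e in GOOD_LOG}
QUOTED = replay(GOOD_LOG)  # stands in for the value carried in a validated quote

if __name__ == "__main__":
    print(verify(GOOD_LOG, QUOTED, WHITELIST))
    # Same entries in a different order no longer match the measurement
    print(verify(GOOD_LOG[::-1], QUOTED, WHITELIST))
```

Because the white-list is keyed per component and version, every new module release adds an entry, which is the growth problem the paragraph describes.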
To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. It is contemplated that elements disclosed in one embodiment may be beneficially utilized on other embodiments without specific recitation.