README ====== "OpenTC PET Proof of Concept prototype" - DSL version Overview: This liveCD contains the components of the proof of concept prototype of the first period of the OpenTC project for the application scenario called Private Electronic Transactions (PET). This bootable iso image aims to demonstrate the Trusted Computing use case of a dual gateway/proxy solution that serves as an attestable platform for secured internet banking transactions. It is far from being ready for any use in the critical security infrastructure of a financial institution, and there is no claim for this kind of readiness. The intention is to show what can be done with the Trusted Computing Technology components that are available on Linux today, aspects such as deployment, certificate management, configuration management, deployment and lifecycle management are mostly disregarded. ------------------------------------------------------------------------------ Hardware requirements to run the demonstration: One laptop computer equipped with 1GB RAM; supported models are: 1) HP nx6325 2) Lenovo T60 This LiveCD may easily be runnable on many other systems, but your mileage may vary. ------------------------------------------------------------------------------ Known problems: - when running with Xen hypervisor the creation of AIK (see icon step #4 on the desktop when in expert user mode) may take very long; the following workaround can be use to have an acceptable duration: - before booting, connect the platform to the wired network and make sure that a DHCP server is available to give the platform the network configuration parameters; this not required by application scenario, since both client and server sides components run on the same physical platform, but makes the time needed for AIK creation from about thirty seconds to two minutes - if the time for step #4 exceeds two minutes or if a network connection or the DHCP server cannot be provided, in a console window, while the AIK process is being executed, launch the following pair of commands ifdown eth0 ifup eth0 once or more times until the AIK is generated. - when running with L4 microkernel, from time to time the network configuration from a DHCP server cannot be obtained: this is not a real issue for the demonstrator procedure, because this application scenario doesn't need for any access to the physical network - when the system is running OpenTC PET Proof of Concept with Xen and X server in dom0 is started, from time to time it may happen that rebooting the system again with Xen and starting X server in dom0 make the whole system hang: in this case the platform must be switched off. A workaround is avoiding reboot cycles and always powering off the platform. - during the booting procedure Xen microkernel, the system shows a complaint about /lib/tls and glibc: it can be ignored - when running with L4 microkernel, from time to time the following error message is returned to guest domains consoles: "TSC appears to be running slowly. Marking it as unstable Time jiffies clocksource has been installed." it can be ignored. - when running with L4 microkernel on a T60 platform, it might be necessary to disable the trackpoint in the BIOS configuration - when running with Xen hypervisor on a T60 platform, it might happen that the boot process stops returning the following message: "OTC: Fatal Error: Unable to find d0image loop file". A workaround to let the system start can be changing the serial ATA mode in the BIOS configuration for the cdrom, from "Compatible" to "AHCI". ------------------------------------------------------------------------------ Warranty: This iso image do not come with any warranty of any kind, nor is it supported by Open_TC consortium in any way. However, if you have any questions about the project, its results or its motivation, use the contacts below. For the complete disclaimer and license information have a look at the files COPYING and DISCLAIMER. ------------------------------------------------------------------------------ The Open_TC project is co-financed by the EC. If you need further information about the project, please visit our website www.opentc.net or contact the coordinator: Technikon Forschungs- und Planungsgesellschaft mbH Richard-Wagner-Strasse 7, 9500 Villach, AUSTRIA Tel. +43 4242 23355 - 0 Fax. +43 4242 23355 - 77 Email coordination@opentc.net