Trusted Boot in Fedora
Adam Williamson
awilliam at redhat.com
Wed Jun 29 17:12:40 UTC 2011
On Wed, 2011-06-29 at 13:36 +0200, Björn Persson wrote:
> Adam Williamson wrote:
> > On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
> > > On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
> > > > Le Lun 27 juin 2011 15:12, Miloslav Trmač a écrit :
> > > > > Placing trust in the manufacturer of the hardware puts the user in no
> > > > > worse position than they were before.
> > > >
> > > > I don't call placing absolute vetting power in bios writer hands "no
> > > > worse position". I don't thing anyone can point to a "good" bios on
> > > > real world hardware.
> > >
> > > I appreciate the disdain - no, really, trust me, I do - but you should
> > > realize that SMM means you already may have no control over the machine.
> >
> > Well, the fact that BIOSes aren't open source means that anyway.
>
> That's not impossible to change though. I have never dared to try Coreboot
> myself, for fear of destroying my motherboard, but in principle it's possible
> to replace the BIOS in most current computers with a free implementation. It's
> looking like the TPM makes it impossible to replace Sinit with a free clone.
"Most current computers"? The support list -
http://www.coreboot.org/Supported_Motherboards - is tiny, and doesn't
include any even vaguely recent Intel chipset that I can see. And it
includes a grand total of four laptops, two of which I've never heard
of.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the devel
mailing list