OT - Trusted Boot project in F16
supergiantpotato at yahoo.co.jp
Thu Jun 23 13:52:10 UTC 2011
On Thu, 2011-06-23 at 22:43 +0900, 夜神 岩男 wrote:
> On Thu, 2011-06-23 at 05:54 -0700, Joe Wulf wrote:
> > Awesome post, JB. Way cool.
> > Um another question come to mind, like, will such an OS still boot/work on Intel
> > (and AMD?) CPUs, say older ones, that don't have the TPM?
> > R,
> > -Joe Wulf
> After a bit of looking (I was very concerned after reading the first
> post) it seems this feature is primarily focused on providing
> information to satisfy an external "trusted system y/n" type query by
> matching a known kernel image hash which is expected by the requestor.
On a side note, this feature seems to also be a ploy to force uniform
adoption of a specific, patent-holding vendor's hardware. In other
words, in an environment where only a trusted hash is accepted for, say,
a secure network login, "trusted y/n?" is also implicitly asking
"running on supported Intel(r) hardware y/n?" If no, you can't log in,
hence you must purchase supported hardware. Depending on the patent
situation involved this could be a significant step away from the stated
purpose and spirit of open source -- in which case it would not be
widely used if implemented, and damaging to the wired world if it were.
This may have something to do with the lack of universal adoption
despite this idea/feature being quite old as measured by Internet Time.
More information about the users