Trusted Boot in Fedora
Till Maas
opensource at till.name
Fri Jun 24 09:11:15 UTC 2011
On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
> I am still struggling to see real applications for this. I don't know
> how a networked system using the technology could be differentiated
> from an (insecure) software simulation of the same from a remote
> viewer's perspective. Also I don't see how it would be used in the
Afaik it would allow to securely enter hard disk encryption passwords
via network on a Fedora system, because one can ensure that the correct
(untampered) initrd / kernel is loaded.
You cannot simulate this afaik because the used cryptographic keys are
only stored in the TPM module and cannot be accessed from the outside.
Therefore one needs to tamper with the TPM module instead of only with
the unencrypted /boot partition, which is a lot harder from my point of
view.
Regards
Till
More information about the devel
mailing list