Trusted Boot in Fedora
mitr at volny.cz
Fri Jun 24 09:41:21 UTC 2011
2011/6/24 Tomas Mraz <tmraz at redhat.com>:
> Yes, I completely agree. What Gregory tries to emphasize here - as I
> understand it, of course he might have a different intention - is purely
> politics and I do not think that Fedora should get involved in political
> decisions in one way or another.
Frankly, I view the DRM issue as somewhat of a red herring in this
discussion. I can't see any reasonable way to set up a TPM-based DRM
scheme for general-purpose computers: where does the trust come from?
If nothing else, there must be thousands of common computer
models/configurations; if a client connects to a music shop for the
first time, how can the music shop tell the difference between an
unmodified computer and a computer modified to record the music files?
A company's IT department can have a trusted employee install the
computer from scratch, "measure" the system, record the results, and
use that as a baseline for the future use of the TPM for attestation
within that company.
A maker of an entertainment console can do something similar before it
ships the device to customers.
But for a general-purpose computer designed by a third party, I really
can't see the trust mechanism.
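
Added example, not part of the original post: a minimal Python simulation of the baseline approach described above, using the TPM 1.2 PCR extend rule. The component names and the baseline label are constructed, and the signed quote and nonce of a real attestation are omitted.

```python
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one PCR starting at zero."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def appraise(reported_pcr: bytes, baselines: dict):
    """Return the label of the matching baseline, or None if the verifier
    has no recorded value to compare against."""
    return baselines.get(reported_pcr)


# Constructed sample data: the boot chain a trusted employee installed,
# and the same machine with one component changed afterwards.
CLEAN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
MODIFIED = [b"firmware-v1", b"bootloader-v1", b"kernel-v1+recorder"]

# The IT department measured the clean install and recorded the result.
COMPANY_BASELINES = {measure_boot(CLEAN): "corp-laptop-image"}

# A verifier meeting a third-party machine for the first time has no baseline.
SHOP_BASELINES = {}

if __name__ == "__main__":
    for name, chain in (("clean", CLEAN), ("modified", MODIFIED)):
        pcr = measure_boot(chain)
        print(name, pcr.hex(),
              "company:", appraise(pcr, COMPANY_BASELINES),
              "shop:", appraise(pcr, SHOP_BASELINES))
```

With a recorded baseline the company tells the two machines apart; the verifier without one gets the same answer for both.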