Trusted Boot in Fedora
Jon Ciesla
limb at jcomserv.net
Fri Jun 24 12:21:39 UTC 2011
> On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
>> I am still struggling to see real applications for this. I don't know
>> how a networked system using the technology could be differentiated
>> from an (insecure) software simulation of the same from a remote
>> viewer's perspective. Also I don't see how it would be used in the
>
> Afaik it would allow to securely enter hard disk encryption passwords
> via network on a Fedora system, because one can ensure that the correct
> (untampered) initrd / kernel is loaded.
> You cannot simulate this afaik because the used cryptographic keys are
> only stored in the TPM module and cannot be accessed from the outside.
> Therefore one needs to tamper with the TPM module instead of only with
> the unencrypted /boot partition, which is a lot harder from my point of
> view.
So you can't possibly duplicate the keys elsewhere and modify the software
calling them to look in that place, allowing you to virtualize a whole
cluster of the same "trusted" machine?
-J
> Regards
> Till
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
>
--
in your fear, seek only peace
in your fear, seek only love
-d. bowie
More information about the devel
mailing list