Trusted Boot in Fedora

Miloslav Trmač mitr at volny.cz
Fri Jun 24 19:49:50 UTC 2011


On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <aph at redhat.com> wrote:
> What I don't understand is why this feature requires a binary blob.
> Surely whatever northbridge code is required can be free software,
> Is this just security through obscurity?

The purpose of the blob is to "measure" the system state; only the
blob (and hardware reset) is allowed to restart the "measuring"
process in the TPM.  For this to work securely, the blob must be
signed by someone that the TPM itself trusts - otherwise an attacker
could replace the blob by something that lies about the system state.

So, from a standpoint of hacking, it doesn't matter - users won't have
the practical freedom to modify the blob anyway because they can't
sign it.

>From a standpoint of learning/sharing/review - I agree having the
source code would be very useful.
   Mirek


More information about the devel mailing list