Trusted Boot in Fedora

夜神 岩男 supergiantpotato at yahoo.co.jp
Sat Jun 25 01:54:22 UTC 2011


On Fri, 2011-06-24 at 11:41 +0200, Miloslav Trmač wrote:
> 2011/6/24 Tomas Mraz <tmraz at redhat.com>:
> > Yes, I completely agree. What Gregory tries to emphasize here - as I
> > understand it, of course he might have a different intention - is purely
> > politics and I do not think that Fedora should get involved in political
> > decisions in one way or another.
> 
> Frankly, I view the DRM issue as somewhat of a red herring in this
> discussion.  I can't see any reasonable way to set up a TPM-based DRM
> scheme for general-purpose computers: where does the trust come from?
> If nothing else, there must be thousands of common computer
> models/configurations; if a client connects to a music shop for the
> first time, how can the music shop tell the difference between an
> unmodified computer and a computer modified to record the music files?
> 
> A company's IT department can install the computer from scratch by a
> trusted employee, "measure" the system, record the results, and use
> that as a baseline for the future use of the TPM for attestation
> within that company.
> 
> A maker of an entertainment console can do something similar before it
> ships the device to customers.
> 
> But for a general-purpose computer designed by a third party, I really
> can't see the trust mechanism.
>    Mirek

Perhaps you just answered your own question in reverse.

Have you considered that the real goal could easily be to exclude
third-parties?

-Iwao



