Trusted Boot in Fedora

Andrew Haley aph at redhat.com
Mon Jun 27 10:11:51 UTC 2011


On 24/06/11 20:49, Miloslav Trmač wrote:
> On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <aph at redhat.com> wrote:
>> What I don't understand is why this feature requires a binary blob.
>> Surely whatever northbridge code is required can be free software,
>> Is this just security through obscurity?
> 
> The purpose of the blob is to "measure" the system state; only the
> blob (and hardware reset) is allowed to restart the "measuring"
> process in the TPM.  For this to work securely, the blob must be
> signed by someone that the TPM itself trusts - otherwise an attacker
> could replace the blob by something that lies about the system state.
> 
> So, from a standpoint of hacking, it doesn't matter - users won't have
> the practical freedom to modify the blob anyway because they can't
> sign it.

What we're saying, then, is that the TPM doesn't trust the owner of
the computer, but its manufacturer.  It's impossible for a user to
decide who they trust.

Surely, from a Fedora standpoint, this is a complete non-starter.

Andrew.


More information about the devel mailing list