Trusted Boot in Fedora
Miloslav Trmač
mitr at volny.cz
Mon Jun 27 14:53:22 UTC 2011
On Mon, Jun 27, 2011 at 4:08 PM, Simo Sorce <simo at redhat.com> wrote:
> On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
>> On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley <aph at redhat.com> wrote:
>> > On 24/06/11 20:49, Miloslav Trmač wrote:
>> >> The purpose of the blob is to "measure" the system state; only the
>> >> blob (and hardware reset) is allowed to restart the "measuring"
>> >> process in the TPM. For this to work securely, the blob must be
>> >> signed by someone that the TPM itself trusts - otherwise an attacker
>> >> could replace the blob by something that lies about the system state.
<snip>
> Trusting the manufacturer to not put bugs/backdoors is one thing.
> Having to depend on the manufacturer to sign your boot sequence is
> entirely different, doesn't scale and is generally not welcome.
The hardware manufacturer _only_ signs the sinit blob. Any kernel/OS
you use can be measured/"protected" by the TPM without any further
involvement of the manufacturer.
Mirek
More information about the devel
mailing list