Trusted Boot in Fedora
Simo Sorce
simo at redhat.com
Mon Jun 27 15:14:50 UTC 2011
On Mon, 2011-06-27 at 16:53 +0200, Miloslav Trmač wrote:
> On Mon, Jun 27, 2011 at 4:08 PM, Simo Sorce <simo at redhat.com> wrote:
> > On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
> >> On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley <aph at redhat.com> wrote:
> >> > On 24/06/11 20:49, Miloslav Trmač wrote:
> >> >> The purpose of the blob is to "measure" the system state; only the
> >> >> blob (and hardware reset) is allowed to restart the "measuring"
> >> >> process in the TPM. For this to work securely, the blob must be
> >> >> signed by someone that the TPM itself trusts - otherwise an attacker
> >> >> could replace the blob by something that lies about the system state.
> <snip>
> > Trusting the manufacturer to not put bugs/backdoors is one thing.
> > Having to depend on the manufacturer to sign your boot sequence is
> > entirely different, doesn't scale and is generally not welcome.
>
> The hardware manufacturer _only_ signs the sinit blob. Any kernel/OS
> you use can be measured/"protected" by the TPM without any further
> involvement of the manufacturer.
How does the sinit blob verify the kernel ?
Can you add some documentation about that in the feature page request as
others have asked please ?
Thanks,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the devel
mailing list