Trusted Boot in Fedora
awilliam at redhat.com
Wed Jun 29 06:07:08 UTC 2011
On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
> On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
> > Le Lun 27 juin 2011 15:12, Miloslav Trmač a écrit :
> > > Placing trust in the manufacturer of the hardware puts the user in no
> > > worse position than they were before.
> > I don't call placing absolute vetting power in bios writer hands "no worse
> > position". I don't thing anyone can point to a "good" bios on real world
> > hardware.
> I appreciate the disdain - no, really, trust me, I do - but you should
> realize that SMM means you already may have no control over the machine.
Well, the fact that BIOSes aren't open source means that anyway. As far
as we the users are concerned, the BIOS is black box code which runs
with the ultimate in administrative privileges. It could be doing
_anything_ back there. SMM is a fairly standardized example of this,
sure, but there's no way we can really be sure our BIOS isn't doing a
zillion other 'bad things'. The point where you tip over into excessive
paranoia is a bit hard to discern when you start going down this road,
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
More information about the devel