Trusted Boot in Fedora
Björn Persson
bjorn at xn--rombobjrn-67a.se
Wed Jun 29 11:36:44 UTC 2011
Adam Williamson wrote:
> On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
> > On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
> > > Le Lun 27 juin 2011 15:12, Miloslav Trmač a écrit :
> > > > Placing trust in the manufacturer of the hardware puts the user in no
> > > > worse position than they were before.
> > >
> > > I don't call placing absolute vetting power in bios writer hands "no
> > > worse position". I don't thing anyone can point to a "good" bios on
> > > real world hardware.
> >
> > I appreciate the disdain - no, really, trust me, I do - but you should
> > realize that SMM means you already may have no control over the machine.
>
> Well, the fact that BIOSes aren't open source means that anyway.
That's not impossible to change though. I have never dared to try Coreboot
myself, for fear of destroying my motherboard, but in principle it's possible
to replace the BIOS in most current computers with a free implementation. It's
looking like the TPM makes it impossible to replace Sinit with a free clone.
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110629/15ee0289/attachment.bin
More information about the devel
mailing list