Trusted Boot in Fedora
Björn Persson
bjorn at xn--rombobjrn-67a.se
Wed Jun 29 23:50:42 UTC 2011
Adam Williamson wrote:
> On Wed, 2011-06-29 at 13:36 +0200, Björn Persson wrote:
> > That's not impossible to change though. I have never dared to try
> > Coreboot myself, for fear of destroying my motherboard, but in principle
> > it's possible to replace the BIOS in most current computers with a free
> > implementation. It's looking like the TPM makes it impossible to replace
> > Sinit with a free clone.
>
> "Most current computers"? The support list -
> http://www.coreboot.org/Supported_Motherboards - is tiny, and doesn't
> include any even vaguely recent Intel chipset that I can see. And it
> includes a grand total of four laptops, two of which I've never heard
> of.
Most current computers have their BIOS stored in a flash memory and allow you
to overwrite it with a newer version. Instead of a newer version of the unfree
BIOS you can install a free BIOS, if you have one. That is, *in principle*
it's possible to replace the BIOS in any computer where the BIOS can be
upgraded. Getting a free BIOS for your particular motherboard is a so-called
simple matter of programming.
The point I'm trying to make is that there's a difference between an unfree
Sinit and an unfree BIOS, in that while you can *theoretically* replace the
BIOS, you will never be able to replace Sinit no matter how much you program,
because the TPM will reject any Sinit clone that isn't signed by Intel. (At
least that's what people seem to be saying around here.)
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110630/a5c2b680/attachment.bin
More information about the devel
mailing list