Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Sam Varshavchik
mrsam at courier-mta.com
Tue Jun 5 10:49:56 UTC 2012
Alan Cox writes:
> > It is logically impossible to have a so-called "secure-boot" for both a
> > free OS and a non-free OS on the same platform.
>
> Actually it's perfectly possible with some careful planning.
>
> If you are using TXT or similar services you measure the entire boot path
> and that then defines your access to the TPM which is where you put your
> disk decryption keys. Neither OS can then get at the decryption key for
> the other.
>
> You can do that today 8)
This will, of course, have the nice side-effect of preventing you from
mounting the other OS's partition.
But I think that this is not something that anyone is spending much time on.
You're going to get more bang for the buck by simply preventing other OSes
from getting a foothold; so no need to worry about other OSes accessing your
own bits. Don't have to worry about disk encryption altogether, then.
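
An added illustration, not part of the original message or of any project's code: a software simulation of the measured-boot key sealing described in the quoted text, showing that each OS can unseal only its own disk key and so cannot read the other's partition. `ToyTPM`, the blob names and the boot-path byte strings are constructed stand-ins, not a real TPM API.

```python
import hashlib
import hmac
import os

ZERO_PCR = bytes(32)  # SHA-256 PCR value after platform reset
# Constructed boot paths; real measurements are hashes of the actual binaries.
OS_A = [b"firmware", b"bootloader-A", b"kernel-A"]
OS_B = [b"firmware", b"bootloader-B", b"kernel-B"]

def extend(pcr, component):
    """TPM-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(path):
    """PCR value reached by measuring every stage of a boot path in order."""
    pcr = ZERO_PCR
    for component in path:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Software stand-in for a TPM (assumption: simplified, single PCR)."""
    def __init__(self):
        self.pcr = ZERO_PCR
        self._sealed = {}

    def boot(self, path):
        self.pcr = measure(path)  # reset, then measure each stage as loaded

    def seal(self, name, secret, expected_pcr):
        self._sealed[name] = (expected_pcr, secret)

    def unseal(self, name):
        expected_pcr, secret = self._sealed[name]
        if not hmac.compare_digest(expected_pcr, self.pcr):
            return None  # boot path differs from the one sealed against
        return secret

def demo():
    """Seal one disk key per OS, then try both keys under each boot path."""
    tpm = ToyTPM()
    tpm.seal("disk-A", os.urandom(32), measure(OS_A))
    tpm.seal("disk-B", os.urandom(32), measure(OS_B))
    out = {}
    for os_name, path in (("A", OS_A), ("B", OS_B)):
        tpm.boot(path)
        out[os_name] = [n for n in ("disk-A", "disk-B") if tpm.unseal(n) is not None]
    return out
```

Because the shared firmware measurement is followed by different bootloader and kernel measurements, the two paths end at different PCR values, and a modified kernel in either path also loses access to that path's key.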