Alan Cox writes:
> > It is logically impossible to have a so-called "secure-boot" for both a free
> > OS and a non-free OS on the same platform.
>
> Actually it's perfectly possible with some careful planning. If you are using TXT or similar services you measure the entire boot path and that then defines your access to the TPM which is where you put your disk decryption keys. Neither OS can then get at the decryption key for the other. You can do that today 8)
This will, of course, have the nice side-effect of preventing you from mounting the other OS's partition.
But I think that this is not something that anyone is spending much time on. You're going to get more bang for the buck by simply preventing other OSes from getting a foothold; so no need to worry about other OSes accessing your own bits. Don't have to worry about disk encryption altogether, then.
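The scheme discussed in this message, as an added example that is not part of the original post: a simplified model of a measured boot path gating access to TPM-sealed disk keys. It assumes a single PCR extended with SHA-256 and models sealing as a comparison against the PCR value recorded at seal time; `ModelTPM`, the chain contents and the key names are hypothetical, and no real TPM or TXT interface is used.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # model: a PCR is all zeros after platform reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain) -> bytes:
    """Measure every boot component in order and return the final PCR value."""
    pcr = PCR_RESET
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ModelTPM:
    """Toy sealed storage: a secret is released only while the PCR equals the
    value recorded at seal time. A real TPM enforces this in hardware."""
    def __init__(self):
        self.pcr = PCR_RESET
        self._sealed = {}  # name -> (PCR value at seal time, secret)

    def boot(self, chain):
        self.pcr = measure_boot(chain)  # reset, then re-measure the whole path

    def seal(self, name, secret):
        self._sealed[name] = (self.pcr, secret)

    def unseal(self, name):
        expected, secret = self._sealed[name]
        return secret if hmac.compare_digest(expected, self.pcr) else None

# Constructed boot paths (stand-ins for real firmware/bootloader/kernel images).
CHAIN_A = [b"firmware", b"bootloader-A", b"kernel-A"]
CHAIN_B = [b"firmware", b"bootloader-B", b"kernel-B"]
CHAIN_A_MODIFIED = [b"firmware", b"bootloader-A", b"kernel-A-patched"]

def demo():
    """Return {boot path: (key A released?, key B released?)}."""
    tpm = ModelTPM()
    tpm.boot(CHAIN_A); tpm.seal("disk-key-A", b"constructed-key-A")
    tpm.boot(CHAIN_B); tpm.seal("disk-key-B", b"constructed-key-B")
    result = {}
    for label, chain in [("A", CHAIN_A), ("B", CHAIN_B), ("A-modified", CHAIN_A_MODIFIED)]:
        tpm.boot(chain)
        result[label] = (tpm.unseal("disk-key-A") is not None,
                         tpm.unseal("disk-key-B") is not None)
    return result

if __name__ == "__main__":
    print(demo())
```

In this model each OS gets only its own key, which is also why neither can mount the other's encrypted partition, and a changed kernel on path A loses access to key A as well.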