* Marc Ballarin <Ballarin.Marc@xxxxxx> wrote:
> In this case you need a method to verify the integrity of every component
> of your system. The best bet would probably be something like TPM. This
> should cover at least the BIOS and the rest of the software but
> manipulated firmware might still slip through.

The real solution would be TXT from new Intel chips. This can provide
runtime secure boot so the chain of trust is _really_ short. In fact only
the CPU, northbridge and the signed module provided by Intel.

I've tested it with an Intel Executive DQ45 motherboard and a Q9550 CPU.
It works, though it requires a good deal of work (patching included).

http://sourceforge.net/projects/tboot/

michael

--
It's already too late!
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt