On Thu, May 31, 2012 at 12:16 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote: > On 05/31/2012 01:10 PM, Gregory Maxwell wrote: >> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno <greno@xxxxxxxxxxx> wrote: >>> Could be any of a thousand ways to implement this. >>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set. >> While it pains me to argue with someone on my side— you're incorrect. >> The compromised system would just intercept and emulate or patch out that test. > > Then what's missing here is a way for booted OS's to test themselves for integrity. Maybe some sort of cryptographic signature stored in the hardware? <ducks> -J </sarcasm> > > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel -- http://cecinestpasunefromage.wordpress.com/ ------------------------------------------------ in your fear, seek only peace in your fear, seek only love -d. bowie -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
