Kevin Kofler wrote: > Matthew Garrett wrote: > > Measured boot is a process whereby each component in the boot chain > > "measures" the next component. In the TPM 1.x world (which is where > > most of us still are), that measurement is in the form of a SHA1 > > hash of the next component. So, on a BIOS system, the firmware > > measures itself, the firmware measures its configuration, the > > firmware measures any option ROMs on plugin cards, the firmware > > measures the MBR of the disk, the MBR measures the grub stage 1, > > the grub stage 1 measures the grub stage 2, the grub stage 2 > > measures the kernel and so on. > > Yet another Treacherous Computing "feature" that nobody needs! That depends entirely on who controls the keys. It's treacherous only if the sysadmin doesn't have the secret key. Björn Persson
Attachment:
pgp23yDSMkrjx.pgp
Description: OpenPGP digital signatur
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
