On Fri, 2014-03-14 at 14:11 -0400, Matthew Garrett wrote:
> The fact that you keep saying measured really does make me suspect that
> you misunderstand the problem. There's no measurement involved, there's
> simply an assertion that the firmware (which you're forced to trust)
> chose, via some policy you may be unaware of, to trust the booted
> kernel.

As an example, imagine a platform with the bootloader and kernel on
read-only media. The platform can assert that the kernel is trusted even
if there's no measurement of the kernel.

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>