On Fri, 14 Mar 2014, Matthew Garrett wrote:
On Fri, 2014-03-14 at 14:11 -0400, Matthew Garrett wrote:
The fact that you keep saying measured really does make me suspect that
you misunderstand the problem. There's no measurement involved, there's
simply an assertion that the firmware (which you're forced to trust)
chose, via some policy you may be unaware of, to trust the booted
kernel.
As an example, imagine a platform with the bootloader and kernel on
read-only media. The platform can assert that the kernel is trusted even
if there's no measurement of the kernel.
Trusted by who?
Alan is saying measured because then if it matches what the owner of that device
intends it's trusted, but just because you trust it doesn't mean that I trust
it, and it doesn't mean that the russian government should trust it, etc.
There just isn't one value of trust.
David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
