On Fri, 2014-03-14 at 13:37 -0700, David Lang wrote:
> On Fri, 14 Mar 2014, Matthew Garrett wrote:
> > As an example, imagine a platform with the bootloader and kernel on
> > read-only media. The platform can assert that the kernel is trusted even
> > if there's no measurement of the kernel.
>
> Trusted by who?
The platform. If you don't trust the platform's ability to make that
decision then that's something that informs your own behaviour, not the
platform's.
> Alan is saying measured because then if it matches what the owner of that device
> intends it's trusted, but just because you trust it doesn't mean that I trust
> it, and it doesn't mean that the russian government should trust it, etc.
"Measured" has a specific meaning. If you trust a file based on its
source rather than some property of the file itself, you're not
measuring it.
--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
��.n��������+%�������w��{.n�����{����*�jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
