On Fri, 14 Mar 2014 19:24:55 +0000 Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote: > On Fri, 2014-03-14 at 14:11 -0400, Matthew Garrett wrote: > > > The fact that you keep saying measured really does make me suspect that > > you misunderstand the problem. There's no measurement involved, there's > > simply an assertion that the firmware (which you're forced to trust) > > chose, via some policy you may be unaware of, to trust the booted > > kernel. > > As an example, imagine a platform with the bootloader and kernel on > read-only media. The platform can assert that the kernel is trusted even > if there's no measurement of the kernel. Only if you have a secure signed path through the controller firmware and physical security of the hardware. If not I can reprogram your BIOS, your GPU firmware, your USB stick or your CD-ROM controller to lie. Anything must either be measurable or tamperproof from within the system itself (or both). So a physically write protected ROM bootloader loading a kernel and initrd from that same physically protected ROM is secure, but your average CD-ROM drive is not. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html