On Tue, Nov 14, 2017 at 2:14 PM, James Bottomley
<James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 2017-11-14 at 15:55 -0500, Matthew Garrett wrote:
>> TPM-backed Trusted Boot means you don't /need/ to sign anything,
>> since the measurements of what you loaded will end up in the TPM. But
>> signatures make it a lot easier, since you can just assert that only
>> signed material will be loaded and so you only need to measure the
>> kernel and the trusted keys.
>
> Actually, I'd disagree with that quite a lot: measured boot only works
> if you're attesting to something outside of your system that has the
> capability for doing something about a wrong measurement. Absent that,
> measured boot has no safety whatsoever. Secure boot, on the other
> hand, can enforce not booting with elements that fail the signature
> check.

Measured boot has a great deal of value in the sealing of private
material, even in the absence of attestation. The way Microsoft make
use of PCR7 is a good example of how signatures make this easier -
achieving the same goal with a full measurement of the boot chain
instead of relying on signature validation results in significantly
more fragility.
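
The fragility contrast drawn in the reply above, as an added example that is not part of the original message or of any project's code. It is a simplified model: the extend operation is the standard hash chain, but the "PCR7-style" policy, the dict-based seal/unseal stand-in and all sample names and byte strings are constructed assumptions, not the TCG event log format or a real TPM API.

```python
import hashlib

ZERO = bytes(32)  # a PCR is all zeroes after reset

def extend(pcr, data):
    # TPM extend operation: PCR_new = H(PCR_old || H(data))
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def measure_full_chain(chain):
    # Policy A: every loaded image is hashed into the PCR.
    pcr = ZERO
    for image, _signer in chain:
        pcr = extend(pcr, image)
    return pcr

def measure_signing_policy(trusted_keys, chain):
    # Policy B (PCR7-style, simplified): measure the trusted key set and the
    # authorities that validated the images, never the images themselves.
    signers = {signer for _image, signer in chain}
    if not signers <= trusted_keys:
        raise ValueError("image not signed by a trusted key; boot refused")
    pcr = ZERO
    for value in sorted(trusted_keys) + sorted(signers):
        pcr = extend(pcr, value)
    return pcr

def seal(secret, pcr):
    # Stand-in for TPM sealing: the blob records the PCR value needed to unseal.
    return {"policy_pcr": pcr, "secret": secret}

def unseal(blob, current_pcr):
    return blob["secret"] if blob["policy_pcr"] == current_pcr else None

# Constructed sample data: one vendor key, a boot chain, and a kernel update.
KEYS = {b"vendor-db-cert"}
BOOT_V1 = [(b"shim-1.0", b"vendor-db-cert"), (b"kernel-4.14.0", b"vendor-db-cert")]
BOOT_V2 = [(b"shim-1.0", b"vendor-db-cert"), (b"kernel-4.14.1", b"vendor-db-cert")]
ALTERED_KEYS = KEYS | {b"extra-cert"}  # trusted key set changed after sealing

def demo():
    blob_full = seal(b"disk-key", measure_full_chain(BOOT_V1))
    blob_sig = seal(b"disk-key", measure_signing_policy(KEYS, BOOT_V1))
    return (unseal(blob_full, measure_full_chain(BOOT_V2)),
            unseal(blob_sig, measure_signing_policy(KEYS, BOOT_V2)),
            unseal(blob_sig, measure_signing_policy(ALTERED_KEYS, BOOT_V2)))

if __name__ == "__main__":
    print(demo())
```

The secret sealed to the full measurement is lost on a routine signed kernel update, while the one sealed to the signing policy survives the update and is withheld only when the trusted key set changes.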