|| ||Miloslav Trmaè <mitr-AT-volny.cz> |
|| ||Development discussions related to Fedora <devel-AT-lists.fedoraproject.org> |
|| ||Re: Trusted Boot in Fedora |
|| ||Fri, 24 Jun 2011 21:49:50 +0200|
|| ||Article, Thread
On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <email@example.com> wrote:
> What I don't understand is why this feature requires a binary blob.
> Surely whatever northbridge code is required can be free software,
> Is this just security through obscurity?
The purpose of the blob is to "measure" the system state; only the
blob (and hardware reset) is allowed to restart the "measuring"
process in the TPM. For this to work securely, the blob must be
signed by someone that the TPM itself trusts - otherwise an attacker
could replace the blob by something that lies about the system state.
So, from a standpoint of hacking, it doesn't matter - users won't have
the practical freedom to modify the blob anyway because they can't
>From a standpoint of learning/sharing/review - I agree having the
source code would be very useful.
devel mailing list
to post comments)