Fedora reexamines "trusted boot"
Posted Jul 3, 2011 12:04 UTC (Sun) by alonz
In reply to: Fedora reexamines "trusted boot"
Parent article: Fedora reexamines "trusted boot"
OK, I'll qualify my statements above a bit:
Trusted Boot has been shown to be ineffective as a general security measure for open environments.
If your system is managed centrally, and does not permit execution of locally-introduced code, you're likely OK. Also, if the only purpose of your trusted boot solution is access control to centrally-managed systems, your risk is at least controllable.
The issue with trusted boot is that it's often presented as a “magic bullet”—e.g., claiming that trusted boot (from a local disk!) is an effective countermeasure against rootkits.
to post comments)