LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora reexamines "trusted boot"

Fedora reexamines "trusted boot"

Posted Jul 3, 2011 12:04 UTC (Sun) by alonz (subscriber, #815)
In reply to: Fedora reexamines "trusted boot" by geofft
Parent article: Fedora reexamines "trusted boot"

OK, I'll qualify my statements above a bit:
Trusted Boot has been shown to be ineffective as a general security measure for open environments.

If your system is managed centrally, and does not permit execution of locally-introduced code, you're likely OK. Also, if the only purpose of your trusted boot solution is access control to centrally-managed systems, your risk is at least controllable.

The issue with trusted boot is that it's often presented as a “magic bullet”—e.g., claiming that trusted boot (from a local disk!) is an effective countermeasure against rootkits.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds