Chromium OS source released

Chromium OS source released

'Verified Boot' can be a valuable tool. It's a way for the user to know instantly if the kernel has been tampered with or modified.

It's the same thing with 'trusted computing module'. This is a valuable tool that can be used to verify the security of your system simply by rebooting. If properly setup then the module verifies your bootloader... your bootloader verifies your kernel.. your kernel verifies the initrd... the initrd environment verifies drivers and important system files... and then as your system boots it verifies binaries and scripts as it goes.

This way you can detect and fight kernel-level rootkits. If somebody installs a kernel module for your system they can use the kernel against you. This is a effective combat technique. Otherwise the only other reliable way is to use something like tripwire and boot up from read-only media and use a read-only database for verifying the contents of your filesystem. (or removable drive to off-network computer or something like that). Trusted Computing can dramatically lower the costs of keeping very secure OS and verifiable file system contents.

Whether this functionality is good or bad depends entirely on who holds the keys. If you, the owner of the computer and the OS, are in control of it then it's a fantastic thing. If the keys are held by somebody else then it can be used as a weapon or system of control against you and it is a bad thing.