Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted ExecutionTechnology support for Linux - Details
From: Matthew Garrett
Date: Wed Jun 24 2009 - 17:00:21 EST
On Wed, Jun 24, 2009 at 01:37:49PM -0700, Arjan van de Ven wrote:
> Dave Jones wrote:
>> This seems a little disingenious. Firmware isn't typically loaded by grub
>> into main memory and executed by the host processor.
>>
>> so, is this all worthless without the binary blob ?
>>
>> "trust us, it's signed by intel" doesn't make me feel more secure.
>
> how's that different from your normal bios ?
BIOSes can typically be replaced with trusted code. Is the source to the
ACMs available? Is there any way for the owner of the machine to
substitute their key for Intel's?
--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/