Re: Trusted kernel patchset for Secure Boot lockdown
From: Matthew Garrett
Date: Fri Mar 14 2014 - 15:25:12 EST

On Fri, 2014-03-14 at 14:11 -0400, Matthew Garrett wrote:
> The fact that you keep saying measured really does make me suspect that
> you misunderstand the problem. There's no measurement involved, there's
> simply an assertion that the firmware (which you're forced to trust)
> chose, via some policy you may be unaware of, to trust the booted
> kernel.

As an example, imagine a platform with the bootloader and kernel on
read-only media. The platform can assert that the kernel is trusted even
if there's no measurement of the kernel.
--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>