Re: Trusted kernel patchset for Secure Boot lockdown

From: Florian Weimer
Date: Wed Mar 19 2014 - 14:10:39 EST


* One Thousand Gnomes:

>> For the Chrome OS use-case, it might be better described as "untrusted
>> userspace", but that seems unfriendly. :) The "trusted kernel" name
>> seems fine to me.
>
> Trusted is rather misleading. It's not trusted, it's *measured*.

I don't think anyone is doing any measurement. In particular, the
kernel does not know anything about the history of the boot process
and cannot provide any form of attestation. This is why this feature
is not very useful to end users.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/