On Mon, Jan 07, 2013 at 03:29:01PM +0100, Xavi Drudis Ferran wrote:
For now secure boot only restricts what we boot (and the booted OS restricts the rest of what we run). But in the end the purpuse is to stablish a DRM scheme so that if a server can't prove that we're running software trusted by them (not us) then we won't be able to access content or even we'll be refused connection to the internet or whatever has to do with equipment controlled by someone else.
This. It's called 'remote attestation' (https://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation). An obvious (first?) application will be your bank, which will refuse you access to their online banking system unless you run a 'trusted' software stack. And you can be sure that their idea of a 'trusted' stack will be proprietary software, only.
Because we all know that Windows is the most secure operating system out there (/sarcasm).
Thanks, Ward.