Peter Stuge wrote:
Great stuff! Thanks for the input!
On Thu, Dec 07, 2006 at 02:16:47AM +0100, Carl-Daniel Hailfinger wrote:
- Authenticated booting
Have BIOS check payload you mean? Or have payload check rootfs? I guess they blend into one.
Both. But the BIOS checking the payload is IMO key to a secure boot (if you don't trust the payload, you can't trust any assessment of rootfs security by the payload).
- Using any TPM against the intention of the vendor
By using a payload that does tricks before the TPM starts up?
Yes. Some factory BIOSes seem to lock the TPM and/or do other (for that startup) irrevocable stuff. Using LinuxBIOS gives you full freedom in messing with the TPM (and you could use Vanderpool/Pacifica to virtualize access to the TPM).
- Mention OLPC. (But what are the important points?)
- BIOS can already use wireless
What's it used for?
Booting over wireless if the local flash "hard drive" has been corrupted. Sort of a recovery mode when no wired network connection is available.
- Automatic authenticated BIOS updates
Are the details ironed out yet? Is userspace still involved?
A paper was due a few weeks ago, but nothing has surfaced yet.
Regards, Carl-Daniel