ollie lho ollie@sis.com.tw writes:
Wow !! It is really a patent evil. Prof Arbaugh invented the patent but assigned it to U of Penn such that he and/or his student can not do some things related in U of Maryland ??
I wonder if there is enough wiggle room in there to walk around the patent in a LinuxBIOS scenario. Our standing assumptions are quite different, and there are some of the pieces suggested that have much cleaner alternatives.
As I slowly digest the ideas I have a very hard time with the idea of signing a boot block, and believing that will provide some measure of security and trust. At that point there is software chaining but more than that there is not enough room in a boot block to verify the loaded operating system. Unless someone is a lot more creative with 512 bytes that I am.
Quite a few of the pieces I know it is safe to write and deploy while they do not compose a complete solution. Teaching etherboot about IPsec is totally outside the scope of the patent, for example.
Though for Bill and his students there may be some good faith with the university system that keeps them from exercising all of their options.
Eric