[LinuxBIOS] C3 Lightning Talk abstract

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Thu Dec 7 13:19:17 CET 2006

Peter Stuge wrote:
> Great stuff! Thanks for the input!
> On Thu, Dec 07, 2006 at 02:16:47AM +0100, Carl-Daniel Hailfinger wrote:
>> * Authenticated booting
> Have BIOS check payload you mean? Or have payload check rootfs? I
> guess they blend into one.

Both. But the BIOS checking the payload is IMO key to a secure boot
(if you don't trust the payload, you can't trust any assessment of
rootfs security by the payload).

>> * Using any TPM against the intention of the vendor
> By using a payload that does tricks before the TPM starts up?

Yes. Some factory BIOSes seem to lock the TPM and/or do other
(for that startup) irrevokable stuff. Using LinuxBIOS gives you
full freedom in messing with the TPM (and you could use Vanderpool/
Pacifica to virtualize access to the TPM).

>>> * Mention OLPC. (But what are the important points?)
>> * BIOS can already use wireless
> What's it used for?

Booting over wireless if the local flash "hard drive" has been
corrupted. Sort of a recovery mode when no wired network
connection is available.

>> * Automatic authenticated BIOS updates
> Are the details ironed out yet? Is userspace still involved?

A paper was due a few weeks ago, but nothing has surfaced yet.


More information about the coreboot mailing list