[coreboot] [SPAM] Re: Feedback On Coreboot: the Solution to the SecureBoot Fiasco
Ward Vandewege
ward at gnu.org
Mon Jan 7 21:35:31 CET 2013
On Mon, Jan 07, 2013 at 03:29:01PM +0100, Xavi Drudis Ferran wrote:
> For now secure boot only restricts what we boot (and the booted OS restricts the rest
> of what we run). But in the end the purpuse is to stablish a DRM scheme so that
> if a server can't prove that we're running software trusted by them (not us) then we won't
> be able to access content or even we'll be refused connection to the internet or whatever
> has to do with equipment controlled by someone else.
This. It's called 'remote attestation'
(https://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation). An
obvious (first?) application will be your bank, which will refuse you access
to their online banking system unless you run a 'trusted' software stack. And
you can be sure that their idea of a 'trusted' stack will be proprietary
software, only.
Because we all know that Windows is the most secure operating system out
there (/sarcasm).
Thanks,
Ward.
More information about the coreboot
mailing list