On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <a...@redhat.com> wrote: > What I don't understand is why this feature requires a binary blob. > Surely whatever northbridge code is required can be free software, > Is this just security through obscurity?
The purpose of the blob is to "measure" the system state; only the blob (and hardware reset) is allowed to restart the "measuring" process in the TPM. For this to work securely, the blob must be signed by someone that the TPM itself trusts - otherwise an attacker could replace the blob by something that lies about the system state. So, from a standpoint of hacking, it doesn't matter - users won't have the practical freedom to modify the blob anyway because they can't sign it. >From a standpoint of learning/sharing/review - I agree having the source code would be very useful. Mirek -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
