Krishna Sankar (ksankar) wrote:
> So, you are, in fact, putting some trust on the sl number, after
> all ! ;o) In this case, why do you care - i.e. why tie developer keys
> to a serial number ? It doesn't give us anything. Most probably folks
> can spoof the sl # anyway.

I realized after sending that e-mail that you'd call me on it :)

We're actually still not trusting the serial number in any dangerous sense. The LB payload _can_ trust the sl (there's no way to lie at that stage in the boot), which means that if I hand you a signing key that works for a machine with sl 'X', I know that you can't make a signed BIOS that will work on any other machine.

Now, lying about your sl when you're requesting a developer signing key gives you the opportunity to replace the BIOS on targeted machines provided you can break into the machine some other way. But this doesn't scale; worm writers can't go and ask for signing keys for a million machines. In fact, if I saw more than about 20 dev key requests per million units shipped, I'd be pretty surprised.

--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
