Kevin Kofler wrote: > Matthew Garrett wrote: > > Measured boot is a process whereby each component in the boot chain > > "measures" the next component. In the TPM 1.x world (which is where > > most of us still are), that measurement is in the form of a SHA1 > > hash of the next component. So, on a BIOS system, the firmware > > measures itself, the firmware measures its configuration, the > > firmware measures any option ROMs on plugin cards, the firmware > > measures the MBR of the disk, the MBR measures the grub stage 1, > > the grub stage 1 measures the grub stage 2, the grub stage 2 > > measures the kernel and so on. > > Yet another Treacherous Computing "feature" that nobody needs!
That depends entirely on who controls the keys. It's treacherous only if the sysadmin doesn't have the secret key. Björn Persson
pgpFx0jOg1EnF.pgp
Description: OpenPGP digital signatur
-- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
