Opinions are quite welcome.
While it is early to pick hardware for vapor, it would be useful to plan on the firmware requirements, not just the OS. UEFI, Coreboot, or something else (what?). As well as if box should have TPM or not, if Intel, and TrustZone or not, if ARM, for OEM hareware requiements, and potentially for OS security stack requirements.
For example, I'd hope FreedomBox Foundation is looking for an OEM that'll build ARM-based boxes with TrustZone, using UEFI, which properly uses Secure Boot feature to load OS. And uses TPM/TrustZone to Securely Boot Linux-based FreedomBox, and to attest the software stack is still intact (like strongSwan's ipSec does).
I don't know if Linux-IMA is ready for ARM TrustZone. So you might only have a solution for x86 boxes at the moment. But, it'll be years before FBF is talking to OEMs, so perhaps time to fix that. :-)
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
