On Mon, 10 Oct 2005 15:03:33 -0400 Jonathan S. Shapiro (JSS) wrote:

JSS> Curiously enough, I think there is more reason for confidence in the
JSS> secure boot hardware than the processor, for three reasons:
JSS>
JSS> 1. The boot hardware is actually pretty simple.

No matter how simple the boot hardware is, you still have to rely on the boot software. Grub code wasn't the most beautiful piece of software last time I looked, and most BIOS writers have proven to be notoriously bad at configuring the platform. ACPI itself is a huge piece of HW/SW interaction with ample opportunity to shoot yourself in the foot. Not to mention SMM, which is completely transparent to any software, except the BIOS.

JSS> 2. We have seen long-term success by the CA's in guarding the root keys

I agree with that one.

JSS> 3. We have known for years about supervisor-mode holes in all of the
JSS> current commodity processors.

Can you please clarify what you mean by "supervisor-mode hole" and/or give some examples of such processor errata?

-Udo.
_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd
