Hi Maxim. This area is a bit murky since there is a lot of overlap between the notions of secure boot, trusted boot, and measured boot.
If it had to venture an answer, I'd say the benefit of TXT is that it provides finer-grained measurements and visibility into the secure boot process. I don't know enough about the measured boot component of UEFI Secure Boot, though. It may already be using TXT. Intel answered a forum question similar to yours here: http://software.intel.com/en-us/forums/topic/391211 They refer to a summary article by Microsoft here: http://technet.microsoft.com/en-us/windows/dn168167.aspx Here's a post about an open source UEFI secure boot shim: http://mjg59.dreamwidth.org/20303.html And we have some general TXT-related links here: http://privatecore.com/resources-overview/server-attestation/ On Sat, Jun 22, 2013 at 7:38 AM, Maxim Kammerer <[email protected]> wrote: > Hi Steve, a technical (and perhaps stupid) question: > > On Sat, Jun 22, 2013 at 1:49 AM, Steve Weis <[email protected]> wrote: > > The host H will have a trusted platform module (TPM). When H boots up, it > > will measure all software state into platform control registers (PCRs) in > > the TPM. See Intel Trusted Execution Technology (TXT) for more info how > this > > works. > > Does TXT provide any benefit over UEFI Secure Boot? I remember looking > into integrating TXT, and it seemed like something not too > well-supported, and essentially superseded by better-established > standards like Secure Boot. > > -- > Maxim Kammerer > Liberté Linux: http://dee.su/liberte > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at [email protected] or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
