Peter Stuge wrote: > Great stuff! Thanks for the input! > > On Thu, Dec 07, 2006 at 02:16:47AM +0100, Carl-Daniel Hailfinger wrote: >> * Authenticated booting > > Have BIOS check payload you mean? Or have payload check rootfs? I > guess they blend into one.
Both. But the BIOS checking the payload is IMO key to a secure boot (if you don't trust the payload, you can't trust any assessment of rootfs security by the payload). >> * Using any TPM against the intention of the vendor > > By using a payload that does tricks before the TPM starts up? Yes. Some factory BIOSes seem to lock the TPM and/or do other (for that startup) irrevokable stuff. Using LinuxBIOS gives you full freedom in messing with the TPM (and you could use Vanderpool/ Pacifica to virtualize access to the TPM). >>> * Mention OLPC. (But what are the important points?) >> * BIOS can already use wireless > > What's it used for? Booting over wireless if the local flash "hard drive" has been corrupted. Sort of a recovery mode when no wired network connection is available. >> * Automatic authenticated BIOS updates > > Are the details ironed out yet? Is userspace still involved? A paper was due a few weeks ago, but nothing has surfaced yet. Regards, Carl-Daniel -- http://www.hailfinger.org/ -- linuxbios mailing list [email protected] http://www.openbios.org/mailman/listinfo/linuxbios
