Stefan Reinauer wrote: > * Carl-Daniel Hailfinger <[EMAIL PROTECTED]> [061207 13:19]: >>> Have BIOS check payload you mean? Or have payload check rootfs? I >>> guess they blend into one. >> Both. But the BIOS checking the payload is IMO key to a secure boot >> (if you don't trust the payload, you can't trust any assessment of >> rootfs security by the payload). > > But: If you can't "trust" the payload, how can you trust the other 64k > of LinuxBIOS in the flash?
You're right. I was unclear with my terminology. >>>> * Automatic authenticated BIOS updates >>> Are the details ironed out yet? Is userspace still involved? >> A paper was due a few weeks ago, but nothing has surfaced yet. > > Who is doing that? Ivan Krstic and others. I'll keep you updated. Regards, Carl-Daniel -- http://www.hailfinger.org/ -- linuxbios mailing list [email protected] http://www.openbios.org/mailman/listinfo/linuxbios
