Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted ExecutionTechnology support for Linux - Details

From: Matthew Garrett
Date: Wed Jun 24 2009 - 17:00:21 EST

Next message: Thomas Gleixner: "Re: [PATCH -tip] perf_counter tools: shorten names for events"
Previous message: Greg KH: "Re: [PATCH 3/3] Fix oops when unexisting usb serial device isopened."
In reply to: Dave Jones: "Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted ExecutionTechnology support for Linux - Details"
Next in thread: Alan Cox: "Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted ExecutionTechnology support for Linux - Details"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 24, 2009 at 01:37:49PM -0700, Arjan van de Ven wrote:
> Dave Jones wrote:
>> This seems a little disingenious. Firmware isn't typically loaded by grub
>> into main memory and executed by the host processor.
>>
>> so, is this all worthless without the binary blob ?
>>
>> "trust us, it's signed by intel" doesn't make me feel more secure.
>
> how's that different from your normal bios ?

BIOSes can typically be replaced with trusted code. Is the source to the
ACMs available? Is there any way for the owner of the machine to
substitute their key for Intel's?

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Gleixner: "Re: [PATCH -tip] perf_counter tools: shorten names for events"
Previous message: Greg KH: "Re: [PATCH 3/3] Fix oops when unexisting usb serial device isopened."
In reply to: Dave Jones: "Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted ExecutionTechnology support for Linux - Details"
Next in thread: Alan Cox: "Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted ExecutionTechnology support for Linux - Details"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]