On 24/06/11 20:49, Miloslav Trmač wrote: > On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley <a...@redhat.com> wrote: >> What I don't understand is why this feature requires a binary blob. >> Surely whatever northbridge code is required can be free software, >> Is this just security through obscurity? > > The purpose of the blob is to "measure" the system state; only the > blob (and hardware reset) is allowed to restart the "measuring" > process in the TPM. For this to work securely, the blob must be > signed by someone that the TPM itself trusts - otherwise an attacker > could replace the blob by something that lies about the system state. > > So, from a standpoint of hacking, it doesn't matter - users won't have > the practical freedom to modify the blob anyway because they can't > sign it.
What we're saying, then, is that the TPM doesn't trust the owner of the computer, but its manufacturer. It's impossible for a user to decide who they trust. Surely, from a Fedora standpoint, this is a complete non-starter. Andrew. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
