[LinuxBIOS] C3 Lightning Talk abstract
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Thu Dec 7 13:19:17 CET 2006
Peter Stuge wrote:
> Great stuff! Thanks for the input!
>
> On Thu, Dec 07, 2006 at 02:16:47AM +0100, Carl-Daniel Hailfinger wrote:
>> * Authenticated booting
>
> Have BIOS check payload you mean? Or have payload check rootfs? I
> guess they blend into one.
Both. But the BIOS checking the payload is IMO key to a secure boot
(if you don't trust the payload, you can't trust any assessment of
rootfs security by the payload).
>> * Using any TPM against the intention of the vendor
>
> By using a payload that does tricks before the TPM starts up?
Yes. Some factory BIOSes seem to lock the TPM and/or do other
(for that startup) irrevokable stuff. Using LinuxBIOS gives you
full freedom in messing with the TPM (and you could use Vanderpool/
Pacifica to virtualize access to the TPM).
>>> * Mention OLPC. (But what are the important points?)
>> * BIOS can already use wireless
>
> What's it used for?
Booting over wireless if the local flash "hard drive" has been
corrupted. Sort of a recovery mode when no wired network
connection is available.
>> * Automatic authenticated BIOS updates
>
> Are the details ironed out yet? Is userspace still involved?
A paper was due a few weeks ago, but nothing has surfaced yet.
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
More information about the coreboot
mailing list