| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jun 2009 21:59:56 +0100 From: Matthew Garrett <mjg@...hat.com> To: Arjan van de Ven <arjan@...ux.intel.com> Cc: Dave Jones <davej@...hat.com>, Joseph Cihula <joseph.cihula@...el.com>, linux-kernel@...r.kernel.org, mingo@...e.hu, hpa@...or.com, andi@...stfloor.org, chrisw@...s-sol.org, jmorris@...ei.org, jbeulich@...ell.com, peterm@...hat.com, gang.wei@...el.com, shane.wang@...el.com Subject: Re: [RFC v5][PATCH 0b/4] intel_txt: Intel(R) Trusted Execution Technology support for Linux - Details On Wed, Jun 24, 2009 at 01:37:49PM -0700, Arjan van de Ven wrote: > Dave Jones wrote: >> This seems a little disingenious. Firmware isn't typically loaded by grub >> into main memory and executed by the host processor. >> >> so, is this all worthless without the binary blob ? >> >> "trust us, it's signed by intel" doesn't make me feel more secure. > > how's that different from your normal bios ? BIOSes can typically be replaced with trusted code. Is the source to the ACMs available? Is there any way for the owner of the machine to substitute their key for Intel's? -- Matthew Garrett | mjg59@...f.ucam.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists