Trust system write-up
Eric McCorkle
eric at metricspace.net
Tue Oct 24 10:44:18 UTC 2017
On 10/23/2017 21:09, Rozhuk Ivan wrote:
> On Mon, 23 Oct 2017 09:44:34 -0700
> "Simon J. Gerraty" <sjg at juniper.net> wrote:
>
>> With the advent of secure boot and TPM's, there is potentially scope
>> to allow for mixed control.
>
> TPM is closed hardware and software: you don't know what's inside and how it works.
> Secure boot same crap: closed source with many known security holes.
>
I think it's necessary to support secure boot for commercial vendors and
such. I personally have no interest in Microsoft being able to certify
random programs to boot on my machines, and am much more interested in
things like coreboot.

There are, however, secure boot mechanisms such as the Power
architecture boot that maintain user control, and I'm hoping with the
rise of RISC-V that we'll see trustworthy hardware crypto and TPM-like
devices.
More information about the freebsd-arch mailing list