Date: Tue, 24 Oct 2017 06:44:12 -0400
From: Eric McCorkle <eric@metricspace.net>
To: Rozhuk Ivan <rozhuk.im@gmail.com>, "Simon J. Gerraty" <sjg@juniper.net>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, freebsd-arch@freebsd.org
Subject: Re: Trust system write-up
Message-ID: <eb912ecf-0ffe-ab4f-4812-cb28e22bb767@metricspace.net>
In-Reply-To: <20171024040925.1918f3cb@rimwks>
References: <1a9bbbf6-d975-0e77-b199-eb1ec0486c8a@metricspace.net> <20171023071120.GA72383@blogreen.org> <cd7d0bfa-d620-1382-3ce6-28db874e6049@metricspace.net> <67125.1508777074@kaos.jnpr.net> <20171024040925.1918f3cb@rimwks>
On 10/23/2017 21:09, Rozhuk Ivan wrote:
> On Mon, 23 Oct 2017 09:44:34 -0700
> "Simon J. Gerraty" <sjg@juniper.net> wrote:
>
>> With the advent of secure boot and TPM's, there is potentially scope
>> to allow for mixed control.
>
> TPM is closed hardware and software: you don't know what's inside and how it works.
> Secure boot is the same crap: closed source with many known security holes.
>

I think it's necessary to support secure boot for commercial vendors and such. I personally have no interest in Microsoft being able to certify random programs to boot on my machines, and am much more interested in things like coreboot. There are, however, secure boot mechanisms such as the Power architecture boot that maintain user control, and I'm hoping with the rise of RISC-V that we'll see trustworthy hardware crypto and TPM-like devices.