Date: Sat, 09 Jun 2012 07:16:42 -0700
From: Randy Bush
To: freebsd-hardware@freebsd.org
Subject: keying boot
In-Reply-To: <20120609120030.A9E27106572E@hub.freebsd.org>
References: <20120609120030.A9E27106572E@hub.freebsd.org>

> I did say "effectively". If people would actually read that chapter
> in the spec (minimally 27.5) they would find that they can:
> - Load a new PK without asking if in default SetupMode
> - If not in SetupMode, chainload a new PK provided it is
>   signed by the current PK.
> - Clear the PK in a 'secure platform specific method'.
>
> There's nothing that says PK SetupMode has to be a jumper.

beware. what it is today may not be what it will be tomorrow. these
are the folk who believe in Trusted Computing.

http://en.wikipedia.org/wiki/Trusted_Computing

randy