Date: Sat, 09 Jun 2012 07:16:42 -0700 From: Randy Bush <randy@psg.com> To: freebsd-hardware@freebsd.org Subject: keying boot Message-ID: <m28vfwin91.wl%randy@psg.com> In-Reply-To: <20120609120030.A9E27106572E@hub.freebsd.org> <CAD2Ti29q6ij5Xht587_7gmDs%2BsWfStST=4C5abiF=Cg7FXi%2Byg@mail.gmail.com> References: <20120609120030.A9E27106572E@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I did say "effectively". If people would actually read that chapter > in the spec (minimally 27.5) they would find that they can: > - Load a new PK without asking if in default SetupMode > - If not in SetupMode, chainload a new PK provided it is > signed by the current PK. > - Clear the PK in a 'secure platform specific method'. > > There's nothing that says PK SetupMode has to be a jumper. beware. what it is today may not be what it will be tomorrow. these are the folk who believe in Trusted Computing. http://en.wikipedia.org/wiki/Trusted_Computing randy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m28vfwin91.wl%randy>