Date: Sat, 09 Jun 2012 07:16:42 -0700 From: Randy Bush <randy@psg.com> To: freebsd-hardware@freebsd.org Subject: keying boot Message-ID: <m28vfwin91.wl%randy@psg.com> In-Reply-To: <20120609120030.A9E27106572E@hub.freebsd.org> <CAD2Ti29q6ij5Xht587_7gmDs%2BsWfStST=4C5abiF=Cg7FXi%2Byg@mail.gmail.com> References: <20120609120030.A9E27106572E@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I did say "effectively". If people would actually read that chapter
> in the spec (minimally 27.5) they would find that they can:
> - Load a new PK without asking if in default SetupMode
> - If not in SetupMode, chainload a new PK provided it is
> signed by the current PK.
> - Clear the PK in a 'secure platform specific method'.
>
> There's nothing that says PK SetupMode has to be a jumper.
beware. what it is today may not be what it will be tomorrow. these
are the folk who believe in Trusted Computing.
http://en.wikipedia.org/wiki/Trusted_Computing
randy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m28vfwin91.wl%randy>