[OpenIndiana-discuss] An article from "the register"
sommerfeld at alum.mit.edu
Thu Sep 22 22:01:14 UTC 2011
As I understand it:
1) trusted boot depends on a tpm, which is a small and slow cryptographic
peripheral device, either located in a separate chip or as an additional
function in a multifunction chip like a southbridge.
2) security of the tpm depends on the security of all instructions executed
by the CPU between the time of reset and the time the tpm is set up after
reset - this code forms the "core root of trust for measurement" and a
fundamental assumption of the architecture is that it is immutable.
3) as I understand it, the CRTM is typically found in the bios ROM.
So if you're concerned about being locked out by trusted boot, seek out:
1) motherboards with socketed bios chips
2) hardware known to work with an open-source bios.
(2 is more of stretch than 1, of course...)
More information about the OpenIndiana-discuss