[OpenIndiana-discuss] An article from "the register"

Bill Sommerfeld sommerfeld at alum.mit.edu
Thu Sep 22 22:01:14 UTC 2011


As I understand it:

 1) trusted boot depends on a tpm, which is a small and slow cryptographic
peripheral device, either located in a separate chip or as an additional
function in a multifunction chip like a southbridge.

 2) security of the tpm depends on the security of all instructions executed
by the CPU between the time of reset and the time the tpm is set up after
reset - this code forms the "core root of trust for measurement" and a
fundamental assumption of the architecture is that it is immutable.

 3) as I understand it, the CRTM is typically found in the bios ROM.

So if you're concerned about being locked out by trusted boot, seek out:
 1) motherboards with socketed bios chips
 2) hardware known to work with an open-source bios.

(2 is more of a stretch than 1, of course...)

					- Bill
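Point 2 above (the whole chain rests on the CRTM being immutable) is easiest to see by simulating the PCR extend rule. The following is an added example, not code from the original post or from OpenIndiana. It assumes SHA-256 PCRs (a 2011-era TPM 1.2 used SHA-1, but the extend rule is identical), a CRTM -> BIOS -> boot loader chain, and boot images that are constructed placeholder byte strings; the function and constant names are all invented here.

```python
"""Simulated measured boot with TPM-style PCR extends.

Added illustration, not the original post's or OpenIndiana's code.
Assumptions: SHA-256 PCRs, a CRTM -> BIOS -> boot loader chain, and
constructed placeholder images standing in for real firmware.
"""
import hashlib
import hmac

PCR_BYTES = 32
PCR_INIT = b"\x00" * PCR_BYTES  # PCR value after reset


def measure(data: bytes) -> bytes:
    """Digest of a boot stage image."""
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR <- H(PCR || digest). A PCR can only be extended,
    never written directly, so every measurement and its order is folded
    into the final value."""
    return hashlib.sha256(pcr + digest).digest()


def replay_event_log(events):
    """Verifier side: replay the logged digests from the reset value."""
    pcr = PCR_INIT
    for _name, digest in events:
        pcr = pcr_extend(pcr, digest)
    return pcr


def pcr_matches(quoted: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(quoted, expected)


# Constructed stand-ins for the firmware images (not real firmware).
GENUINE_BIOS = b"constructed: genuine BIOS image"
GENUINE_LOADER = b"constructed: genuine boot loader"
BACKDOORED_BIOS = b"constructed: BIOS image with a backdoor"


def honest_crtm_boot(bios: bytes, loader: bytes):
    """Honest CRTM: measures the BIOS before jumping to it, the BIOS then
    measures the loader. Returns (event log, final PCR). Note that nothing
    measures the CRTM itself; it is trusted by assumption."""
    events = [("BIOS", measure(bios)), ("loader", measure(loader))]
    return events, replay_event_log(events)


def replaced_crtm_boot(bios_run: bytes, loader: bytes, bios_to_claim: bytes):
    """A CRTM that has been replaced (only possible if it is mutable) runs
    one BIOS image but logs and extends the digest of another. Nothing
    below it can notice, because it decides what the first measurement is."""
    events = [("BIOS", measure(bios_to_claim)), ("loader", measure(loader))]
    return events, replay_event_log(events)


# Reference value a verifier would whitelist for the genuine chain.
GOLDEN_PCR = honest_crtm_boot(GENUINE_BIOS, GENUINE_LOADER)[1]


def attest(boot_fn, *args) -> bool:
    """Accept the platform only if its event log replays to the quoted PCR
    and that PCR equals the golden value."""
    events, quoted = boot_fn(*args)
    return pcr_matches(replay_event_log(events), quoted) and pcr_matches(quoted, GOLDEN_PCR)


if __name__ == "__main__":
    print("genuine chain, honest CRTM:      ",
          attest(honest_crtm_boot, GENUINE_BIOS, GENUINE_LOADER))
    print("backdoored BIOS, honest CRTM:    ",
          attest(honest_crtm_boot, BACKDOORED_BIOS, GENUINE_LOADER))
    print("backdoored BIOS, replaced CRTM:  ",
          attest(replaced_crtm_boot, BACKDOORED_BIOS, GENUINE_LOADER, GENUINE_BIOS))
```

The second case shows what measured boot does buy: any change to a stage the CRTM measures changes the final PCR. The third case is the point of the post: once the CRTM itself can be rewritten, it can extend the genuine BIOS digest while running a modified one, the event log and PCR still match the golden value, and attestation has nothing left to stand on. That is why the CRTM is placed in (what is supposed to be) immutable ROM, and why a socketed BIOS chip matters for anyone who wants to control that root themselves.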


