[CentOS] TPM and secure boot
John R Pierce
pierce at hogranch.com
Sun May 19 21:38:29 UTC 2013
On 5/19/2013 2:06 PM, Reindl Harald wrote:
> On 19.05.2013 22:59, John R Pierce wrote:
>> >is this typically used in conjunction with disk encryption such that the
>> >TPM module supplies the decryption keys? does linux have any concept
>> >of signed executables, kernel, and so forth? would replacing the RPM
>> >keys with keys signed by our own certificate authority such that the TPM
>> >would be involved in RPM authentication be practical?
> did you not read any IT news in the last year?
> forget it on CentOS / RHEL currently
>
> even Fedora is far far away from what you think you need and the
> complete chain of trust is more or less impossible on an opensource
> system without making any 3rd party kernel module completely impossible
>
> https://fedoraproject.org/wiki/Secureboot
> http://www.networkworld.com/community/blog/microsofts-secure-boot-red-hat-request-ignites-linus-torvalds-nsfw-flame-war
>
TPM is not the same as the new secureboot UEFI BIOS stuff. this is an
optional module (tamperproofed so if it's unplugged, it erases) on most
server motherboards, you initialize it with your OWN security keys if
you want to use it, Microsoft has nothing to do with it. TPM has been
around since 2006 or earlier.
--
john r pierce 37N 122W
somewhere on the middle of the left coast