Hello! Alright, lets try to end the pointless (in the sense, that I guess noone here, including myself, will change their opinion anytime soon) TPM discussion and get something done.
First I'd say we can agree, that we don't agree on whether/how to use a TPM. I don't know about you, but I can perfectly live with that! Next I think we can agree, that some sort of trusted boot chain can be useful. Also there should be more than one implementation for this (or at least the possibility to have them). If we could agree on this, then I think we could find a way to extend the GRUB module system to fully allow this. From my point of view the minimal needed features for these systems are: - easy exchange of the MBR binary to be installed - easy exchange of the core.img loader binary - hooks for any disk read (not sure if write is necessary) (I didn't check if any of these is already implemented) Last part to agree on would then be, that these infrastructure features should be in the mainline code. That way it would be easy to develop various trusted boot solutions (and probably some other systems too), but keep all the controversial code out of mainline. Greets, Jan
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
