On Tue, Feb 26, 2013 at 4:21 AM, Matthew Garrett <mj...@srcf.ucam.org> wrote: > On Tue, Feb 26, 2013 at 02:07:22AM -0800, Raymond Jennings wrote: >> Just curious here, but is this as much of an issue if a user is >> somehow able to take ownership of his own machine? > > No, if you're doing your own key management then it's no problem at > all. > >> I'm assuming this is related to TPM somehow. > > No, completely unrelated.
Almost completely. As Matthew I'm sure knows, TPM is also used to establish a chain of trust, but not using signed firmware/kernel/modules, but chained hashes that are later signed using the TPM. It does avoid the issue of embedding keys from a centralized authority in your box's firmware. Kent > -- > Matthew Garrett | mj...@srcf.ucam.org > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
