Oliver Neukum <oneu...@suse.com> writes:

> I think we would need to use a form of public key cryptography
> in the same manner used to verify authorship of emails. The host
> would provide a nonce value that the device encrypts and returns.
> The host would verify the signature.

We could initially provision the devices with a unique key and provide the public half on a piece of paper. You'd have to get that into the kernel before the system needed any entropy though, and that seems hard.

--
-keith
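The nonce challenge and signature check discussed in this thread, as an added example that is not part of either message or of any kernel code: the host issues a random nonce, the device signs it, and the host verifies against the provisioned public half. Ed25519 and the names `Device`, `Host` and `NewPair` are assumptions made for illustration, and generating the key in-process stands in for the out-of-band provisioning step.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device stands in for the USB device; Respond signs the host's nonce with its private key.
type Device struct{ priv ed25519.PrivateKey }
func (d *Device) Respond(nonce []byte) []byte { return ed25519.Sign(d.priv, nonce) }

// Host holds the public half, provisioned out of band, and the nonces it issued.
type Host struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

// Challenge returns a fresh random nonce and records it as outstanding.
func (h *Host) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no randomness, no challenge
	}
	h.pending[string(nonce)] = true
	return nonce
}

// Verify accepts a signature only over a nonce this host issued, and only once.
func (h *Host) Verify(nonce, sig []byte) bool {
	issued := h.pending[string(nonce)]
	delete(h.pending, string(nonce)) // one attempt per nonce, so replays fail
	return issued && ed25519.Verify(h.pub, nonce, sig)
}

// NewPair generates a device key and a host that trusts its public half.
func NewPair() (*Device, *Host) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv}, &Host{pub, map[string]bool{}}
}

func main() {
	dev, host := NewPair()
	nonce := host.Challenge()
	fmt.Println("genuine device accepted:", host.Verify(nonce, dev.Respond(nonce)))
}
```

The host side needs its own randomness to pick the nonce, which is the bootstrapping difficulty the reply points at when the device being authenticated is the entropy source.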