> Now a signed bootloader has its uses, however in a properly designed > system you would allow the user to import their own keys.
The problem with this scheme is that a "trusted" os would in theory, with the users permission be able to some how update the trusted key repository on the firmware. Which means the security of your machine is as good as the security of your firmware / the OS that is "trusted" to update the keys. Given certain operating systems weak security record in the past, I would say that doing this would sadly amount to proving no security benefit at all ;) -- Sincerely, William Brown pgp.mit.edu http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x3C0AC6DAB2F928A2
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
