19.10.11, 09:51 - Linux
gepostet von web doc
This morning I stumbled across FSF's statement on secure booting your computer, and especially microsofts new windows8. microsoft is trying to let computer producers certificate their products for win8, which includes "secure booting" by UEFI, the modern bios replacement. (read http://www.uefi.org/specs/ specially the TPM part)gepostet von web doc
Basically this means that a system will only boot if its trustworthy:
a little chip on the motherbord (trusted platform module - TPM) is able to check the operating system for genuineness.
TPM goes a lot further and is able to do a lot more, like key generation, checking certificates, etc. Just imagine a little smartcard build into the computer.
now what lets the free software foundation run wild?
the fear that Trusted Computing (TC) can be used to prevent operating systems to boot, that are not certified, because they have no certificate, like free software operating systems. From Wikipedia:
TC is controversial because it is technically possible not just to secure the hardware for its owner, but also to secure against its owner.
(ever tried to run linux on a XBOX360? hehe same trick here...)
BUT
First: TPM /UEFI can be used by linux to make it more secure. The Linux kernel has driver support for TPM chips since 2.6.12 and EFI since 2.6.25
Second: It will be a big win for linux to use it.
Third: TC is per definition Software neutral. Read the Trusted computing group homepage.
read http://lwn.net/Articles/144681/ :
The point is that there are legitimate uses for a hardware-based mechanism which can, with a reasonable level of confidence, verify that a system's software has not been compromised.
this is exactly what i try to say.
If UEFI is implemented the right way, there is no need to fear anything, and no need to trouble over microsofts call to make computers more save. even i do admit to use TMP n some cases.
yours,
webdoc
kommentare anschauen (abgeben derzeit deaktiviert)
( 3006 mal angeschaut )
| Permalink