As I understand it:
1) Trusted boot depends on a TPM, which is a small and slow cryptographic
peripheral device, either located in a separate chip or as an additional
function in a multifunction chip like a southbridge.
2) Security of the TPM depends on the security of all instructions executed
by the CPU between the time of reset and the time the TPM is set up after
reset - this code forms the "core root of trust for measurement" and a
fundamental assumption of the architecture is that it is immutable.
3) As I understand it, the CRTM is typically found in the BIOS ROM.
So if you're concerned about being locked out by trusted boot, seek out:
1) motherboards with socketed BIOS chips
2) hardware known to work with an open-source BIOS.
(2 is more of a stretch than 1, of course...)
- Bill
_______________________________________________
OpenIndiana-discuss mailing list
http://openindiana.org/mailman/listinfo/openindiana-discuss
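The measurement chain Bill describes, as an added illustration that is not part of the original post: a simplified model of TPM PCR extend (TPM 1.2 style, SHA-1, PCR starts at zero) in which each stage measures the next one before handing over control. The simplification assumed here is that nothing measures the CRTM itself (in a real system a rewritten CRTM could equally report whatever measurement it liked), which is exactly why the architecture has to assume the CRTM is immutable.

```python
import hashlib

# Constructed model (not the original post's code): a TPM builds a
# measurement chain. Each boot stage hashes the *next* stage into PCR 0
# before handing over control. The CRTM is the one stage nobody measures,
# which is why the architecture needs it to be immutable.

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs start at all-zero; SHA-1 used here


def pcr_extend(pcr, measurement):
    """TPM extend operation: PCR_new = H(PCR_old || H(data))."""
    digest = hashlib.sha1(measurement).digest()
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(stages):
    """Run the chain: CRTM (stages[0]) measures stages[1], which measures
    stages[2], and so on. The CRTM itself is never measured (assumption)."""
    pcr = PCR_INIT
    for stage in stages[1:]:
        pcr = pcr_extend(pcr, stage)
    return pcr


# Constructed "firmware images": plain byte strings standing in for code.
CRTM = b"crtm-v1"
BIOS = b"bios-image-v1"
BOOTLOADER = b"bootloader-v1"
GOOD_CHAIN = [CRTM, BIOS, BOOTLOADER]


def detects_modified_bios(expected_pcr):
    """A modified BIOS image yields a different PCR 0, so data sealed to
    expected_pcr stays locked and remote attestation reports a mismatch."""
    tampered = [CRTM, b"bios-image-v1-modified", BOOTLOADER]
    return measured_boot(tampered) != expected_pcr


def crtm_is_unmeasured(expected_pcr):
    """Swapping the CRTM leaves PCR 0 unchanged as long as it still measures
    the same later stages: nothing in the chain records the CRTM. This is
    the gap behind points 2 and 3 above, and why the BIOS ROM matters."""
    swapped = [b"some-other-crtm", BIOS, BOOTLOADER]
    return measured_boot(swapped) == expected_pcr


if __name__ == "__main__":
    good = measured_boot(GOOD_CHAIN)
    print("PCR0:", good.hex())
    print("modified BIOS detected:", detects_modified_bios(good))
    print("CRTM swap invisible to PCR0:", crtm_is_unmeasured(good))
```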