code signing/secure boot sequence (Re: [OLPC-devel] Re: wireless/libertas: miscellaneous fixes)
Adam Back
adam at cypherspace.org
Mon Jul 10 16:41:48 EDT 2006
Chris Blizzard wrote:
> You don't have to drive it from a program that's contained in the
> BIOS - you just need to have enough set up to be able to load a
> program from somewhere else that can handle the real re-install.

I think you'll want to sign the images in this install process. Can
you use the RPM code signing to do it?

Seems like you'll be doing something a bit like the secure boot
sequences used by the TPM -- load a BIOS, it fetches the installer
over the network, verifies a signature on it, then goes to the next
stage; each stage verifying signatures on the next...

Adam
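
The staged check described in the message above, as an added example that is not part of the original post or of any OLPC code: the first stage holds a pinned public key, and each stage refuses to hand off to the next unless its signature verifies. Ed25519 from Go's standard library, the `Stage` layout, and the names `Boot`, `signed` and `DemoChain` are assumptions made for illustration; the images and keys are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Stage is one link: an image, the key it carries for the next stage, a signature.
type Stage struct {
	Name       string
	Image, Sig []byte
	NextKey    ed25519.PublicKey // empty for the last stage
}

// signed returns what the signature covers: the image hash plus the embedded key.
func signed(s Stage) []byte {
	h := sha256.Sum256(s.Image)
	return append(h[:], s.NextKey...)
}

// Boot starts from the pinned key and returns the stages it handed control to.
func Boot(pinned ed25519.PublicKey, chain []Stage) ([]string, error) {
	ran, key := []string{}, pinned
	for _, s := range chain {
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, signed(s), s.Sig) {
			return ran, fmt.Errorf("bad signature, refusing to run %s", s.Name)
		}
		ran, key = append(ran, s.Name), s.NextKey
	}
	return ran, nil
}

// DemoChain builds a constructed installer -> system chain with fresh keys.
func DemoChain() (ed25519.PublicKey, []Stage) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	instPub, instPriv, _ := ed25519.GenerateKey(nil)
	inst := Stage{Name: "installer", Image: []byte("constructed installer image"), NextKey: instPub}
	inst.Sig = ed25519.Sign(rootPriv, signed(inst))
	sys := Stage{Name: "system", Image: []byte("constructed system image")}
	sys.Sig = ed25519.Sign(instPriv, signed(sys))
	return rootPub, []Stage{inst, sys}
}

func main() {
	pinned, chain := DemoChain()
	fmt.Println(Boot(pinned, chain)) // both stages run
	chain[0].Image[0] ^= 1           // constructed tampering with the fetched installer
	fmt.Println(Boot(pinned, chain)) // chain stops before the installer
}
```

Because the signature covers the embedded next-stage key as well as the image hash, swapping in a different key for the following stage fails the same check as modifying the image.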