Re: Read-protected UEFI variables

From: Alan Cox
Date: Mon Feb 19 2018 - 15:25:05 EST

Next message: David Lechner: "[PATCH v7 22/42] ARM: davinci: da850: add new clock init using common clock framework"
Previous message: David Lechner: "[PATCH v7 26/42] ARM: davinci: dm646x: add new clock init using common clock framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?

Store them in the TPM ?

If you are booting over a network and not doing some kind of TPM based
trusted boot check you already lost to a network attacker

Alan

Next message: David Lechner: "[PATCH v7 22/42] ARM: davinci: da850: add new clock init using common clock framework"
Previous message: David Lechner: "[PATCH v7 26/42] ARM: davinci: dm646x: add new clock init using common clock framework"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]