by mindslight
4106 days ago
Like secure boot, it ultimately comes down to who has the keys. If you generated the signing key and loaded it onto the hardware (or generated on-chip but it's signed by nothing else), then I don't see the problem. If the hardware has a factory-generated private key that you cannot get at and the corresponding public key can be verified through some well known trust root, then a third party can ask you to attest to what software is running on your hardware and you cannot lie. This custom hasn't materialized yet, but it's not too hard to imagine it catching on after support winds its way up the software stack. What are the specifics of your setup?
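The exchange the comment describes, as an added example that is not part of mindslight's post or of any particular product: a Go simulation of remote attestation in which ed25519 stands in for the device's attestation key, a single SHA-256 register stands in for a TPM PCR, and the manufacturer's root key stands in for the "well known trust root". The component names, nonces and all keys are constructed for the demonstration. It covers both cases in the comment: a factory key endorsed by the root, which a third party can chain back to and which a compromised OS cannot use to sign a flattering measurement, and an owner-generated key that chains to no root the third party trusts, which the same verifier simply rejects.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device models hardware holding a factory-provisioned attestation key that
// never leaves the chip. Only the public half and the manufacturer's
// endorsement (the trust root's signature over that public key) are exported.
type Device struct {
	priv        ed25519.PrivateKey // inaccessible to software on real hardware
	Pub         ed25519.PublicKey
	Endorsement []byte   // trust root's signature over Pub
	pcr         [32]byte // one PCR-style measurement register
}

// NewDevice simulates factory provisioning: a fresh attestation key is
// generated on-chip and endorsed by whichever root key is passed in.
func NewDevice(rootPriv ed25519.PrivateKey) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv, Pub: pub, Endorsement: ed25519.Sign(rootPriv, pub)}
}

// extendPCR is the TPM-style fold: pcr' = SHA256(pcr || SHA256(component)).
// Extensions are ordered and cannot be undone, so the final value commits
// to the whole sequence of software that was measured.
func extendPCR(pcr [32]byte, component []byte) [32]byte {
	h := sha256.Sum256(component)
	return sha256.Sum256(append(pcr[:], h[:]...))
}

// Extend records a booted component in the device's register.
func (d *Device) Extend(component []byte) { d.pcr = extendPCR(d.pcr, component) }

// ExpectedPCR is the "golden" value a verifier precomputes for a known-good boot chain.
func ExpectedPCR(chain [][]byte) (pcr [32]byte) {
	for _, c := range chain {
		pcr = extendPCR(pcr, c)
	}
	return pcr
}

// Quote is the device's signed statement: "my register holds PCR, and I am
// saying so in response to this particular Nonce."
type Quote struct {
	PCR   [32]byte
	Nonce []byte
	Sig   []byte // attestation-key signature over PCR || Nonce
}

// Quote signs the register value the device actually holds, bound to the
// verifier's nonce. Firmware never signs a caller-supplied value, which is
// why a compromised OS cannot obtain a signature over a flattering PCR.
func (d *Device) Quote(nonce []byte) Quote {
	msg := append(append([]byte{}, d.pcr[:]...), nonce...)
	return Quote{PCR: d.pcr, Nonce: nonce, Sig: ed25519.Sign(d.priv, msg)}
}

// Verify is the third party's side: key provenance, freshness, signature, policy.
func Verify(rootPub, devPub ed25519.PublicKey, endorsement, nonce []byte, q Quote, golden [32]byte) error {
	if !ed25519.Verify(rootPub, devPub, endorsement) {
		return errors.New("device key not endorsed by trust root")
	}
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch (replayed quote?)")
	}
	msg := append(append([]byte{}, q.PCR[:]...), q.Nonce...)
	if !ed25519.Verify(devPub, msg, q.Sig) {
		return errors.New("quote signature invalid")
	}
	if q.PCR != golden {
		return errors.New("measured software does not match expected PCR")
	}
	return nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)               // manufacturer trust root
	approved := [][]byte{[]byte("bootloader-v1"), []byte("kernel-v1")} // constructed boot chain
	golden := ExpectedPCR(approved)
	nonce := []byte("verifier-nonce-1")

	honest := NewDevice(rootPriv)
	for _, c := range approved {
		honest.Extend(c)
	}
	fmt.Println("honest device:    ", Verify(rootPub, honest.Pub, honest.Endorsement, nonce, honest.Quote(nonce), golden))

	patched := NewDevice(rootPriv) // same factory key model, different software booted
	patched.Extend([]byte("bootloader-v1"))
	patched.Extend([]byte("kernel-patched"))
	fmt.Println("modified software:", Verify(rootPub, patched.Pub, patched.Endorsement, nonce, patched.Quote(nonce), golden))

	lie := patched.Quote(nonce) // claim the golden PCR without being able to sign it
	lie.PCR = golden
	fmt.Println("forged PCR:       ", Verify(rootPub, patched.Pub, patched.Endorsement, nonce, lie, golden))

	_, ownerRoot, _ := ed25519.GenerateKey(rand.Reader) // owner-generated key, endorsed by nobody the verifier trusts
	own := NewDevice(ownerRoot)
	for _, c := range approved {
		own.Extend(c)
	}
	fmt.Println("self-keyed device:", Verify(rootPub, own.Pub, own.Endorsement, nonce, own.Quote(nonce), golden))
}
```

The ordering of the four checks in `Verify` is deliberate: provenance first, because a valid signature from a key the verifier cannot chain to its root proves nothing; the nonce before the signature, so a replayed quote is rejected before any cryptography is spent on it. The last scenario is the comment's first case seen from the third party's side: the owner's own key produces a perfectly good quote, but the verifier's `rootPub` says nothing about it, so the verifier gets no assurance and the owner keeps the ability to run whatever they like.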