Why not "SEC3" or better for everyone? That's where most major OEMs are today and constantly innovating/improving. Microsoft has device health thresholds in Win10 that align roughly to those levels too. :-)
SEC3 for some vendors is no problem. Dell hardware is not the average here, Dell are one of the leaders in this space. Here's a loaded question for you: Do any Dell platforms runtime-disable BootGuard by default? I bet you don't know the answer. :)
New conversation
FYI: Many folks interested in these topics hang out in #security-discuss on https://u-root.slack.com/
I think I need an invite. richard_at_hughsie_dot_com would appreciate it, thanks :)
New conversation
Have you seen the work @dwizzzleMSFT is doing around this? https://twitter.com/dwizzzleMSFT/status/1186298002731720704
We have a protocol for attesting to the secure level of the device today. You can get a signed JSON report out of the enclave that contains most of the stuff proposed in the link.
New conversation
It is interesting to see Apple's T2 up in the highest levels of integrity. I wonder if, eventually, the FOSS community will look for similar solutions and strive to work with hardware manufacturers willing to produce it.
Such a thing (true silicon validation) is super expensive, even with IP-free cores. You'd need a team with a few tens of millions of dollars at their disposal.
New conversation
Coreboot with BootGuard?! If so, that's amazing. Got any technical details?