It works the same way that SSL certificates work. You have a trusted root key burned into the hardware. A software vendor can get their key signed by the holder of the trusted root key. The vendor can then sign boot images. The key matter is who controls what keys are on the list of trusted root keys (the equivalent of SSL's CA bundle or the Authorities tab in Firefox's certificates window).

[ Reply to This | Parent | # ]

• Not quite the same - Authored by: Anonymous on Saturday, June 02 2012 @ 07:26 AM EDT

Let me make this perfectly clear for you: Bill Veghte, only five months ago the head of Microsoft's Windows division, is now Chief Operating Officer of HP. By October he might be CEO. Who do you think is going to authorize or deny the insertion of non-Microsoft crypto keys into HP desktop and laptop TPM chips to enable the loading of non-Windows operating systems? Bill Veghte. If HP fails to do so what other PC OEM would dare risk the ire of The Beast?

The timing is not coincidental. This is a done deal.

[ Reply to This | Parent | # ]

• RE: I still don't understand. - Authored by: rcsteiner on Saturday, June 02 2012 @ 08:20 PM EDT
  • RE: I still don't understand. - Authored by: symbolset on Saturday, June 02 2012 @ 10:10 PM EDT
    • RE: I still don't understand. - Authored by: PJ on Sunday, June 03 2012 @ 11:18 AM EDT
      • RE: I still don't understand. - Authored by: symbolset on Sunday, June 03 2012 @ 02:44 PM EDT
    • RE: I still don't understand. - Authored by: tknarr on Sunday, June 03 2012 @ 12:35 PM EDT
    • there is an alternate explanation .... - Authored by: nsomos on Sunday, June 03 2012 @ 02:37 PM EDT