On Fri, Mar 01, 2013 at 04:38:39PM -0700, Chris Murphy wrote:
> Where does TCG OPAL support fit into this? I'm getting a strong sense of
> an almost complete lack of trust by OSS and TCG. But setting aside TPM,
> isn't it possible to support OPAL compliant SED drives? There are now
> consumer drives, and in particular SSDs, that implement this. It seems
> like a waste for the drive to always do encryption, and simply have no
> access for managing it, including lock/unlock.

The big hindrance to using TCG Silos is suspend+resume - across a power
reset the drive shuts down and needs to be re-authenticated with before
we can see it again, which means some code has to be run from somewhere
to get the PIN from the user to unlock it, but at the same time we have
to not touch the disk to e.g. page anything in or load any new code.  So
you'd need to have a handler for that (that looks reasonable!) pinned in
memory before suspending.  That's kind of awful.  Until there's a good
solution for that*, it's primarily useful for optional data drives, not
a system disk.

* I know of one solution for it.  It is as far from good as possible.

-- 
Peter

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
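The constraint described above (the drive comes back locked after a power cycle, and nothing may page in or load code from it until it is unlocked, so the unlocking code has to already be resident) is what the Linux kernel's sed-opal ioctl interface, merged in 4.11 (2017), later addressed: userspace hands the kernel the locking-range key once with IOC_OPAL_SAVE, and the kernel, which stays in memory across suspend, replays the unlock from the block device's resume path before anything else touches the disk. The C below is an added example written for this page; it is not code from this thread, from anaconda or from the kernel tree. The device path, the choice of locking range 0, authentication as Admin1 and the passphrase are assumptions for illustration. Issuing the ioctls requires CAP_SYS_ADMIN and an Opal-capable drive; against anything else they fail with an errno, which the example reports rather than hides.

```c
/* Added example, not from the original post or the kernel: unlock a TCG
 * Opal locking range through Linux's sed-opal ioctls and register the key
 * so the kernel re-unlocks the range itself on resume from suspend.
 * Assumed for illustration: locking range 0, Admin1 as the authority, and
 * the device path given on the command line. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/sed-opal.h>   /* struct opal_key, struct opal_lock_unlock, IOC_OPAL_* */

/* Fill an opal_key for locking range lr from a passphrase.
 * Returns 0, or -1 if the passphrase is empty or does not fit: the key
 * buffer is OPAL_KEY_MAX bytes and key_len is a single byte. */
int opal_key_from_passphrase(struct opal_key *k, unsigned char lr, const char *pw)
{
    size_t n = strlen(pw);
    if (n == 0 || n > OPAL_KEY_MAX || n > 0xff)
        return -1;
    memset(k, 0, sizeof(*k));
    k->lr = lr;
    k->key_len = (unsigned char)n;
    memcpy(k->key, pw, n);
    return 0;
}

/* Build the request: which authority authenticates (Admin1 here), which
 * locking range (carried inside the key), and the state to set. */
static void build_request(struct opal_lock_unlock *req, const struct opal_key *k,
                          __u32 who, __u32 state)
{
    memset(req, 0, sizeof(*req));
    req->session.sum = 0;        /* not single-user mode */
    req->session.who = who;
    req->session.opal_key = *k;
    req->l_state = state;        /* OPAL_RW: unlock for read and write */
}

/* Register the key with the kernel, then unlock the range now.
 * Returns 0 on success or -errno. The order matters: if SAVE fails we
 * have not unlocked a disk that would then silently re-lock on resume. */
int opal_unlock_and_persist(int fd, const char *pw, unsigned char lr)
{
    struct opal_key k;
    struct opal_lock_unlock req;

    if (opal_key_from_passphrase(&k, lr, pw) < 0)
        return -EINVAL;
    build_request(&req, &k, OPAL_ADMIN1, OPAL_RW);

    /* The kernel keeps a copy of this key in memory for the rest of the
     * boot and replays the unlock from the device's resume path. That is
     * the trade-off: resident key material instead of a resident prompt. */
    if (ioctl(fd, IOC_OPAL_SAVE, &req) < 0)
        return -errno;
    if (ioctl(fd, IOC_OPAL_LOCK_UNLOCK, &req) < 0)
        return -errno;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s /dev/nvme0n1 <passphrase>\n", argv[0]);
        return 2;
    }
    int fd = open(argv[1], O_RDWR);
    if (fd < 0) {
        perror("open");
        return 1;
    }
    int rc = opal_unlock_and_persist(fd, argv[2], 0);
    close(fd);
    if (rc < 0) {
        fprintf(stderr, "opal unlock failed: %s\n", strerror(-rc));
        return 1;
    }
    puts("range 0 unlocked; kernel will re-unlock it on resume");
    return 0;
}
```

This covers suspend-to-RAM, where the kernel image itself stays resident. It does not answer the separate question of where the key-entry code lives when the drive must be unlocked before the kernel is running at all, which is the system-disk case the message above says remains open.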