On Wed, 31 Mar 2010, Eric Paris wrote: > On Thu, 2010-04-01 at 08:51 +1100, James Morris wrote: > > On Wed, 31 Mar 2010, Eric Paris wrote: > > > > > This config option allows a user to download new (open source) software > > > (tboot) along with other third party software to verify the correctness > > > of the BOOTED system. > > > > My feeling is that this needs to be dealt with upstream, and that the open > > source tboot needs to be delivered first. > > Done and done. We are turning on an upstream config option..... Interesting -- looks like this went in without any signoffs from security folk. The last I recall upstream was objecting to the binary blob aspect. > > I'd love to see support for TXT -- I think we can do some very important > > things with it, but I don't think it's workable as open source if it > > depends on closed proprietary code. > > What is this code you speak of? You mention "They agreed to make any changes necessary to their BIOS (UEFI) to support this technology without the need for the separate closed source proprietary Intel signed blob" Does TXT still depend on this proprietary blob? - James -- James Morris <jmorris@xxxxxxxxx> _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel
