On Wed, 31 Mar 2010, Eric Paris wrote:

> Simple answer is 'because Intel says so.' I'm sorry but I don't think
> I'm allowed to divulge any reasons Intel may or may not have shared with
> Red Hat.

It seems odd to me that the full design and operation of a security
mechanism is not being made available, and that the reasons for this are
also not able to be divulged.

Note that an SINIT AC module was recently reverse engineered, found to be
buggy, and then used to break TXT:

http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html

I really hope the secrecy of the AC module is not part of its security
design.

In any case, I don't see any technical reason not to enable the option.

- James
--
James Morris
<jmorris@xxxxxxxxx>
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel