Re: enable CONFIG_INTEL_TXT

On Thu, 2010-04-01 at 15:02 +1100, James Morris wrote:
> On Wed, 31 Mar 2010, Eric Paris wrote:
> 
> > Simple answer is 'because Intel says so.'  I'm sorry but I don't think
> > I'm allowed to divulge any reasons Intel may or may not have shared with
> > Red Hat.
> 
> It seems odd to me that the full design and operation of a security 
> mechanism is not being made available, and that the reasons for this 
> are also not able to be divulged.
> 
> Note that an SINIT AC module was recently reverse engineered, found to be 
> buggy, and then used to break TXT:
> 
> http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html
> 
> I really hope the secrecy of the AC module is not part of its security 
> design.
> 
> In any case, I don't see any technical reason not to enable the option.

As far as I know the security of TXT in no way relies upon keeping the
SINIT module closed source.

-- 
Stephen Smalley
National Security Agency

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
