Trusted Boot in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed 
feature for F16. We've traditionally had a hard objection to the 
functionality because it required either the distribution or downloading 
of binary code that ran on the host CPU, but it seems that there'll 
shortly be systems that incorporate the appropriate sinit blob in their 
BIOS, which is a boundary we've traditionally been fine with.

However, this is the kind of feature that has a pretty significant 
impact on the distribution as a whole. Fesco decided that we should 
probably have a broader discussion about the topic. The most obvious 
issues are finding a sensible way to incorporate this into Anaconda, but 
it's also then necessary to make sure that bootloader configuration is 
updated appropriately.

Outside that, is there any other impact? Does tboot perform any 
verification of the kernels, and if so how is that configured? Is the 
expectation that an install configured with TXT will only boot trusted 
kernels, and if so what mechanism is used to verify the kernel? Is there 
any further integration work that has to be performed for this to be 
useful?

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux