2011/6/24 Tomas Mraz <tmraz@xxxxxxxxxx>:
> On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote:
>> On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
>> > If trusted boot in Fedora is widely deployed, then $random_things may
>> > demand I use a particular Fedora kernel in order to access them.
>>
>> I can't see how it would make any difference whether Fedora supports
>> the feature or not - after all, any vendor can patch Fedora to add
>> TPM support and then "$random_things may demand you use a particular
>> vendor-modified Fedora in order to access them" - or a particular
>> non-Fedora operating system, just as well.

The userbase of Fedora as a whole is substantially larger than the
userbase of Fedora users who run non-default kernels. The small benefit
of mandatory remote attestation could be far more easily outweighed by
the loss of the whole Fedora userbase than it could be outweighed by
the loss of the tiny subset of Fedora users who are actively practicing
the freedoms theoretically provided by Fedora (and who wouldn't simply
stop if the freedom were made costly by a restriction).

[I can give clear examples of cases where large, relevant internet
resources chose to exclude userbases larger than Fedora users with
modified kernels for just slight convenience, but took on inconvenience
to support ones comparable in size to Fedora; but I'm trying to stay
scrupulously on-topic.]

> Yes, I completely agree. What Gregory tries to emphasize here - as I
> understand it, of course he might have a different intention - is purely
> politics, and I do not think that Fedora should involve itself in
> political decisions in one way or another.
>
> If the feature conforms to Fedora legal requirements and the developers
> of the affected packages are OK with integrating necessary patches, it
> should be allowed.

I'm puzzled by this response.

Would you also support Fedora packaging and distributing proprietary,
binary-only applications offered under a license which legally allows
Fedora to do so, but which disallows the end user the freedom to modify
and understand the software? How is this not equally political?

The Fedora Project has a specific mission with numerous points around
software innovation which is grounded on a set of foundational
principles which include the user's freedom. A likely end result of the
default inclusion of this functionality is that these goals will be
degraded. (And if you do not think that remote attestation will ever be
used to regulate access, as has been proposed here, what do you intend
to use it for?)

Personally, I think it is of greater practical concern to me that I
retain the ability to have equal functionality via my system whether or
not I run a non-standard kernel; that is more practically important
than whether Fedora ships a few binary-only applications here and there.

More technically, can the software be modified to refuse to disclose the
signature which links the chip-specific TPM key to any third-party TPM
trust root? If this were not disclosed, the functionality could not be
used for third-party attestation, but e.g. users could still use it to
make sure a rootkit had not been installed on one of their systems
before remotely providing keys, because they could simply remember their
hardware's keys rather than validating them against the manufacturer's
keys. A third party that wanted to deny access to non-standard Fedora
configurations, however, would have no way to know if the attestation
were authentic. Users could still boot into a special modified kernel to
obtain that linkage, but I believe the simple roadblock of not making it
available by default would address my concerns.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
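The distinction drawn in the last paragraph of the message above, as an added example that is not part of the original thread and is not Fedora, kernel or TPM code: a deliberately simplified attestation model in Go in which one ed25519 key per chip stands in for both the Endorsement Key and the Attestation Identity Key a real TPM would use, and a vendor signature over that public key stands in for the EK certificate. All names (Manufacture, Emulate, VerifyThirdParty, VerifyOwner), the single-PCR extend rule and the constructed nonce and measurements are assumptions of this illustration. It shows why a remote service that anchors trust in the vendor root cannot tell a genuine chip that withholds its certificate from a software-emulated one (so it cannot gate on kernel choice without rejecting both), while the owner who simply pinned the chip's key earlier can still detect a modified boot or a faked quote.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Illustration only (assumption: not real TPM behaviour). A real TPM holds a
// vendor-issued EK certificate and quotes with a separate AIK; here one key
// per chip plays both roles and the vendor's signature over it is the "cert".

// Quote is what an attester sends to a challenger.
type Quote struct {
	PCRDigest []byte
	Nonce     []byte
	Sig       []byte            // chip signature over PCRDigest and Nonce
	Key       ed25519.PublicKey // chip-specific key
	EKCert    []byte            // vendor signature over Key; nil when withheld
}

// Chip models a TPM with a single PCR register.
type Chip struct {
	priv   ed25519.PrivateKey
	ekCert []byte
	pcr    []byte
}

// Manufacture returns a chip whose key the vendor has endorsed.
func Manufacture(vendorPriv ed25519.PrivateKey) *Chip {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Chip{priv: priv, ekCert: ed25519.Sign(vendorPriv, pub), pcr: make([]byte, 32)}
}

// Emulate returns a software "chip" with a fresh key nobody endorsed, which is
// all a modified kernel can offer if the real linkage is never disclosed.
func Emulate() *Chip {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Chip{priv: priv, pcr: make([]byte, 32)}
}

// Extend records a boot measurement the way a PCR does: pcr = H(pcr || m).
func (c *Chip) Extend(measurement string) {
	h := sha256.Sum256(append(append([]byte{}, c.pcr...), measurement...))
	c.pcr = h[:]
}

func quoteMsg(pcr, nonce []byte) []byte {
	h := sha256.Sum256(append(append([]byte("quote:"), pcr...), nonce...))
	return h[:]
}

// Quote signs the current PCR and the challenger's nonce; discloseCert decides
// whether the vendor linkage travels with it.
func (c *Chip) Quote(nonce []byte, discloseCert bool) Quote {
	q := Quote{PCRDigest: c.pcr, Nonce: nonce, Key: c.priv.Public().(ed25519.PublicKey)}
	q.Sig = ed25519.Sign(c.priv, quoteMsg(c.pcr, nonce))
	if discloseCert {
		q.EKCert = c.ekCert
	}
	return q
}

// checkQuote is the part both verifiers share: freshness, signature, PCR value.
func checkQuote(q Quote, nonce, expectedPCR []byte) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("stale nonce")
	}
	if !ed25519.Verify(q.Key, quoteMsg(q.PCRDigest, q.Nonce), q.Sig) {
		return errors.New("bad quote signature")
	}
	if !bytes.Equal(q.PCRDigest, expectedPCR) {
		return errors.New("PCR does not match the expected boot")
	}
	return nil
}

// VerifyThirdParty is a remote service gating access: it only believes keys the
// vendor endorsed, so a withheld cert looks exactly like an emulated chip.
func VerifyThirdParty(q Quote, vendorPub ed25519.PublicKey, nonce, expectedPCR []byte) error {
	if q.EKCert == nil || !ed25519.Verify(vendorPub, q.Key, q.EKCert) {
		return errors.New("no vendor linkage for the attestation key")
	}
	return checkQuote(q, nonce, expectedPCR)
}

// VerifyOwner is the user checking their own machine against a key they
// remembered earlier; the vendor root is never consulted.
func VerifyOwner(q Quote, pinned ed25519.PublicKey, nonce, expectedPCR []byte) error {
	if !bytes.Equal(q.Key, pinned) {
		return errors.New("quote is not from the pinned chip")
	}
	return checkQuote(q, nonce, expectedPCR)
}

// Scenarios runs the cases from the thread and reports which quotes are accepted.
func Scenarios() map[string]bool {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	nonce := []byte("challenge-0001") // constructed challenger nonce
	ref := &Chip{pcr: make([]byte, 32)} // the digest a gate demands: a stock-kernel boot
	ref.Extend("stock-kernel")
	genuine := Manufacture(vendorPriv)
	genuine.Extend("stock-kernel")
	custom := Manufacture(vendorPriv)
	custom.Extend("custom-kernel")
	fake := Emulate()
	fake.Extend("stock-kernel") // claims a stock boot, but with an unendorsed key
	pinned := genuine.priv.Public().(ed25519.PublicKey)
	ok := func(err error) bool { return err == nil }
	return map[string]bool{
		"third party, genuine chip, cert disclosed": ok(VerifyThirdParty(genuine.Quote(nonce, true), vendorPub, nonce, ref.pcr)),
		"third party, custom kernel, cert disclosed": ok(VerifyThirdParty(custom.Quote(nonce, true), vendorPub, nonce, ref.pcr)),
		"third party, genuine chip, cert withheld":  ok(VerifyThirdParty(genuine.Quote(nonce, false), vendorPub, nonce, ref.pcr)),
		"third party, emulated chip":                ok(VerifyThirdParty(fake.Quote(nonce, true), vendorPub, nonce, ref.pcr)),
		"owner, pinned key, genuine chip, cert withheld": ok(VerifyOwner(genuine.Quote(nonce, false), pinned, nonce, ref.pcr)),
		"owner, pinned key, emulated chip":          ok(VerifyOwner(fake.Quote(nonce, true), pinned, nonce, ref.pcr)),
	}
}

func main() {
	for name, accepted := range Scenarios() {
		fmt.Printf("%-48s accepted=%v\n", name, accepted)
	}
}
```

The two rows that matter for the argument are the third and fourth: with the vendor linkage withheld, the third party's answer for a genuine stock-kernel boot is the same "reject" it gives an emulated chip, so it gains nothing by demanding attestation; the fifth row shows the owner's trust-on-first-use check still works without ever touching the vendor root.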