Re: Trusted Boot in Fedora

Once upon a time, Camilo Mesias <camilo@xxxxxxxxxxxx> said:
> In a sense, part of it isn't under user control. There is a secret in
> there, held against the user, and possibly known by the manufacturer
> or other third parties. There is also a black box of code that could
> do anything.

You already have that; it is called System Management Mode.

> I'm not really that paranoid but it is worth considering
> the worst case, just as a theoretical possibility. What if the device
> became standard by virtue of being bundled with every consumer
> device... what if it became crucial to system operation somehow...

Fedora supporting or not supporting it will have zero impact on that
outcome happening or not happening.

> Already there are systems that have whitelisted hardware (eg. wireless
> cards in netbooks) and the BIOS polices the presence of the right
> device. If you make unauthorised modifications to the BIOS, you can
> install any compatible wireless card (or WWAN device). BUT if the BIOS
> was signed and loaded by a trusted method, this option would not be
> available.

All of that is pre-kernel, so either can or cannot happen no matter what
Fedora does.  None of that has any bearing on the technical discussion
about whether Fedora should or should not include this functionality in
the installer.

I think there is some misunderstanding about what the discussion is
supposed to be about.  The supporting open source code is already in
Fedora.  The feature request is simply to modify grubby/anaconda to set
up the boot entries to include the support by default (or when the
hardware is found).
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.