Chris Adams <cmadams <at> hiwaay.net> writes: > ... > I think there is some misunderstanding about what the discussion is > supposed to be about. The supporting open source code is already in > Fedora. The feature request is simply to modify grubby/anaconda to set > up the boot entries to include the support by default (or when the > hardware is found). Hi, I think Fedora should be careful here - it is a minefield. It is treacherous, as already expressed by other and competent people. Respect them, there was a reason they said that. I personally think that free and open-source product should stay away from TPM entirely. One one hand - it is about trusted boot: This can already be achieved partially now, with open-source tools (GPG, etc), and can be enhanced with e.g. a combination of hardware/software solution that would be *non-hardwired*, *portable*, *open-source* and *"free"*, and up to machine owner and user to utilize. Signed where appropriate with *your* GPG key. Think of what the trend and the state-of-art-and-mind are in regard to this; Iwao's post is very helpful here. http://lists.fedoraproject.org/pipermail/devel/2011-June/153456.html This could be achieved now or soon without deep fundamental considerations, by the open-source community itself. On the other hand - it is about OS isolation (OS rings): Ring (computer security) http://en.wikipedia.org/wiki/Ring_%28computer_security%29 This is a separate issue, in my mind. In this sense, TPM is about "ring -1", and in the future "ring -2", etc :-) This is about virtualization, and more. It goes much deeper into OS design and architecture, hardware and software. It should be addressed fundamentally by competent people, companies and organizations. Leave it to them, but watch and participate. Finally. Btw, TPM, or TXT exactly, can be hacked too (that has been done already). JB -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel