On Thu, Jan 31, 2013 at 12:40 AM, Wei, Gang <gang.wei@xxxxxxxxx> wrote: > Bill Nottingham wrote on 2013-01-29: >> Jaroslav Reznik (jreznik@xxxxxxxxxx) said: >>> = Features/OpenAttestation = >>> https://fedoraproject.org/wiki/Features/OpenAttestation >>> >>> Feature owner(s): Gang Wei <gang.wei@xxxxxxxxx> >>> >>> Provide fedora packages for OpenAttestation to support Trusted Compute >>> Pools(TCP) feature in OpenStack since Folsom release & in future oVirt >>> releases. >> >> Wow, TCP is a horribly unfortunate acronym collision. >> >>> == Detailed description == >>> This feature would include mostly packaging OpenAttestation project for >>> fedora. >>> >>> * the source package will be named oat >>> * the binary packages will include oat-appraiser & oat-client <snip> >> How does it intend to attest the OS in a rapidly updating Fedora >> environment? Just the kernel + initramfs? An image-based checksum such >> as what is used in ChromeOS? > > By far, just kernel + initramfs. Every time the kernel/initramfs got updated, > the Know Good Value in OpenAttestation Server should be updated to take new > kernel/initramfs as "trusted" one. Does this feature require any kernel options set in the Fedora kernel? The dependency on Intel TXT machines and tboot would lead me to believe that it might require IMA/EVA support. Is that the case? If so, those are currently disabled in the Fedora kernel. josh -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
