Trusted Boot in Fedora
Eric Paris
eparis at redhat.com
Thu Jun 23 01:57:10 UTC 2011
On 06/22/2011 03:01 PM, Jon Ciesla wrote:
>
>> Outside that, is there any other impact? Does tboot perform any
>> verification of the kernels, and if so how is that configured? Is the
>> expectation that an install configured with TXT will only boot trusted
>> kernels, and if so what mechanism is used to verify the kernel? Is there
>> any further integration work that has to be performed for this to be
>> useful?
>
> If so, is there a mechanism to disable that functionality, or mark a
> kernel as trusted, so that I could, for example, run a kernel I built
> myself or one from another RPM?
By default this would not be enabled. And even if so, out of the box
the only thing it will ever do it measure the kernel you built and store
that info. You would be able to create your own lcp which only allowed
whatever kernels you wished, but that's a whole different issue than
what is being asked for here.
-Eric
More information about the devel
mailing list