enable CONFIG_INTEL_TXT

James Morris jmorris at namei.org
Thu Apr 1 04:02:49 UTC 2010


On Wed, 31 Mar 2010, Eric Paris wrote:

> Simple answer is 'because Intel says so.'  I'm sorry but I don't think
> I'm allowed to divulge any reasons Intel may or may not have shared with
> Red Hat.

It seems odd to me that the full design and operation of a security 
mechanism is not being made available, and that the reasons for this 
are also not able to be divulged.

Note that an SINIT AC module was recently reverse engineered, found to be 
buggy, and then used to break TXT:

http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html

I really hope the secrecy of the AC module is not part of its security 
design.

In any case, I don't see any technical reason not to enable the option.


- James
-- 
James Morris
<jmorris at namei.org>

