On Thu, 2009-10-22 at 13:24 -0400, Eric Paris wrote:
On Thu, 2009-10-22 at 11:33 -0400, Stephen Smalley wrote:
> Would it be possible to get CONFIG_INTEL_TXT enabled in the Fedora
> kernel x86 and x86_64 configs going forward?
After some discussion with a couple of people on the Fedora kernel team
on IRC they decided that we should not enable CONFIG_INTEL_TXT until it
is useful for something other than a closed source binary blob which
Fedora is unable to distribute. We have messaged that Fedora was unable
to include the binary blob from Intel and it has been suggested that
they create an open module rather than forcing Linux users to trust some
part of their system security to an unknown binary blob. Hopefully you
can add your weight to that discussion and help intel see the need for
an open source blob.
Don't forget to mention the more paranoid hand-waving about removing RAM
chips at runtime with liquid nitrogen after going into suspend and
hax0ring. I think there will be more upstream discussion anyway.
Jon.