On Wed, 31 Mar 2010, Eric Paris wrote:
This config option allows a user to download new (open source)
software
(tboot) along with other third party software to verify the correctness
of the BOOTED system.
My feeling is that this needs to be dealt with upstream, and that the open
source tboot needs to be delivered first.
Are there any objections to enabling CONFIG_INTEL_TXT on x86_64?
Yes.
- We should be doing kernel development upstream unless there's an
extraordinary reason not to (typically, following a request from Linus).
- We should not be adding kernel infrastructure to support proprietary,
closed source
- Especially so, given that this is a security feature
I'd love to see support for TXT -- I think we can do some very important
things with it, but I don't think it's workable as open source if it
depends on closed proprietary code.
- James
--
James Morris
<jmorris(a)namei.org>