Agenda for today's FESCo meeting

[Denys Vlasenko]

On Mon, 2011-07-18 at 14:06 +0100, Matthew Garrett wrote:
> Following is the list of topics that will be discussed in the FESCo
> meeting today at 17:00UTC (1:00pm EDT) in #fedora-meeting on
> irc.freenode.net.
> 
> Links to all tickets below can be found at: 
> https://fedorahosted.org/fesco/report/9
> 
> = Followups =
> 
> #topic #608 	F16Feature: Trusted Boot - 
> .fesco 608

I tried to understand what it is about but the density of acronyms
is far beyond my ability to cope with them.

The links presented in #608 are:

http://www.intel.com/technology/malwarereduction/index.htm
- one-page description geared towards laymen. That is,
it is so dumbed down it doesn't actually explain anything.

http://download.intel.com/technology/security/downloads/315168.pdf
- the opposite. Typical fragment:

>TXT unaware VMMs and OS kernels assume control of application
>processors during boot using INIT-SIPI-SIPI mechanism. Upon receipt of
>a SIPI, the processor resumes execution at the specified SIPI vector.

My reaction: "Er... What?"

I don't say we don't need Trusted Boot. I'd say whoever wants to include
Trusted Boot into Fedora needs to spend some time to describe what is
it, how it is implemented - in terms understandable to average Linux
hacker! - and why it may be useful to have it in Fedora.

I think the same should be applicable to any other addition.

About TB per se: I personally would want to understand how it is
possible in principle to ensure that machine wasn't tampered with. I
personally tampered with some machines. The first thing I hacked is
always the code which checks integrity.


> If you would like to add something to this agenda, you can reply to
> this e-mail, file a new ticket at https://fedorahosted.org/fesco,
> e-mail me directly, or bring it up at the end of the meeting, during
> the open floor topic. Note that added topics may be deferred until
> the following meeting. 
> 
> -- 
> Matthew Garrett | mjg59 at srcf.ucam.org

-- 
vda