Trusted Boot in Fedora
tmraz at redhat.com
Thu Jun 23 07:52:05 UTC 2011
On Wed, 2011-06-22 at 21:55 -0400, Eric Paris wrote:
> On 06/22/2011 03:02 PM, Matthew Garrett wrote:
> > http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> > feature for F16. We've traditionally had a hard objection to the
> > functionality because it required either the distribution or downloading
> > of binary code that ran on the host CPU, but it seems that there'll
> > shortly be systems that incorporate the appropriate sinit blob in their
> > BIOS, which is a boundary we've traditionally been fine with.
> Such systems supposedly exist today. I haven't tested them, but I
> believe a number of the newer Dell systems already have the required
> northbridge code in flash. tboot will use the binary northbridge setup
> blob that may be passed to it or it will try to use any blobs built into
> the flash if it isn't given a blob by grub. In the case that it doesn't
> have the magic blob needed to set up the CPU and northbridge it just
> won't execute the magic SENTER instruction. magic!
> > However, this is the kind of feature that has a pretty significant
> > impact on the distribution as a whole.
> I actually think this is completely wrong. It shouldn't have ANY distro
> wide impact at all.
> > FESCo decided that we should
> > probably have a broader discussion about the topic. The most obvious
> > issues are finding a sensible way to incorporate this into Anaconda, but
> > it's also then necessary to make sure that bootloader configuration is
> > updated appropriately.
> Agreed. These are exactly the parts that they need to do development.
> Anaconda shouldn't really need changes, tboot is just a package that
> needs to be installed. I'm not sure why that's even a part of the feature
> request. If anaconda creates the initial grub.conf it might need some
> work but that is the same issue as the next question. Grubby is what
> needs discussion and new code. It will need to detect tboot is
> installed and handle new grub type entries correctly. I haven't seen
> any code for this, but handling new formats of grub entries is what is
> really needed here.
> > Outside that, is there any other impact?
> There shouldn't be. Mind you if you want this to be useful for
> something it's going to take more steps and layers on top, but just
> booting into a measured launch environment should require no other steps.

So to recap this for the next FESCo meeting(s).
1. There exists hardware that does not require any binary blobs to be
downloaded or distributed within Fedora.
2. The feature does not have any substantial negative impact on the rest
of the distribution (apart from requiring some integration work from
grubby and anaconda maintainers).
3. What's really missing is the agreement between tboot, anaconda, and
grubby maintainers on how to integrate the trusted boot into grubby and
Is that correct?
No matter how far down the wrong road you've gone, turn back.