Trusted Boot in Fedora

Jon Ciesla limb at jcomserv.net
Thu Jun 23 11:58:19 UTC 2011


> On 06/22/2011 03:01 PM, Jon Ciesla wrote:
>>
>
>>> Outside that, is there any other impact? Does tboot perform any
>>> verification of the kernels, and if so how is that configured? Is the
>>> expectation that an install configured with TXT will only boot trusted
>>> kernels, and if so what mechanism is used to verify the kernel? Is
>>> there
>>> any further integration work that has to be performed for this to be
>>> useful?
>>
>> If so, is there a mechanism to disable that functionality, or mark a
>> kernel as trusted, so that I could, for example, run a kernel I built
>> myself or one from another RPM?
>
> By default this would not be enabled.  And even if so, out of the box
> the only thing it will ever do it measure the kernel you built and store
> that info.  You would be able to create your own lcp which only allowed
> whatever kernels you wished, but that's a whole different issue than
> what is being asked for here.
>

Ok.  What information is stored where and how?

-J

> -Eric
>


-- 
in your fear, seek only peace
in your fear, seek only love

-d. bowie



More information about the devel mailing list