Trusted Boot in Fedora
limb at jcomserv.net
Thu Jun 23 11:58:19 UTC 2011
> On 06/22/2011 03:01 PM, Jon Ciesla wrote:
>>> Outside that, is there any other impact? Does tboot perform any
>>> verification of the kernels, and if so how is that configured? Is the
>>> expectation that an install configured with TXT will only boot trusted
>>> kernels, and if so what mechanism is used to verify the kernel? Is
>>> any further integration work that has to be performed for this to be
>> If so, is there a mechanism to disable that functionality, or mark a
>> kernel as trusted, so that I could, for example, run a kernel I built
>> myself or one from another RPM?
> By default this would not be enabled. And even if so, out of the box
> the only thing it will ever do it measure the kernel you built and store
> that info. You would be able to create your own lcp which only allowed
> whatever kernels you wished, but that's a whole different issue than
> what is being asked for here.
Ok. What information is stored where and how?
in your fear, seek only peace
in your fear, seek only love
More information about the devel