Trusted Boot in Fedora
tmraz at redhat.com
Fri Jun 24 15:27:32 UTC 2011
On Fri, 2011-06-24 at 09:43 -0400, Gregory Maxwell wrote:
> 2011/6/24 Tomas Mraz <tmraz at redhat.com>:
> > On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote:
> >> On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> >> > If trusted boot in fedora is widely deployed, then $random_things may
> >> > demand I use a particular fedora kernel in order to access them.
> >> I can't see how it would make any difference whether Fedora supports
> >> the feature or not - after all, any vendor can patch Fedora to add
> >> TPM support and then "$random_things may demand you use a particular
> >> vendor-modified Fedora in order to access them" - or a particular
> >> non-Fedora operating system, just as well.
> The userbase of Fedora as a whole is substantially larger than the
> userbase of Fedora users who run non-default kernels. The small
> benefit of mandatory remote attestation could be far more easily
> outweighed by the loss of the whole Fedora userbase than it could be
> outweighed by the loss of the tiny subset of the Fedora users who are
> actively practicing the freedoms theoretically provided by Fedora
> (and wouldn't simply stop if the freedom was made costly by a
> [I can make clear examples of cases where large relevant internet
> resources chose to exclude userbases larger than
> Fedora-users-with-modified kernels for just slight convenience, but
> took inconvenience to support ones comparable in size to Fedora, but
> I'm trying to stay scrupulously on-topic]
> > Yes, I completely agree. What Gregory tries to emphasize here - as I
> > understand it, of course he might have a different intention - is purely
> > politics and I do not think that Fedora should get involved in political
> > decisions in one way or another.
> > If the feature conforms to Fedora legal requirements and the developers
> > of the affected packages are OK with integrating necessary patches, it
> > should be allowed.
> I'm puzzled by this response. Would you also support Fedora packaging
> and distributing proprietary binary only applications offered under a
> license which legally allows Fedora to do so, but which disallowed the
> end user the freedom to modify and understand the software? How is
> this also not equally political?
Oops, I might not have been clear enough in my response. With the "Fedora legal
requirements" I meant not only the restrictions on what Fedora can ship as
allowed by the laws of countries where Fedora is shipping but also the basic
restriction that Fedora imposed upon itself within its roots, and that is
to provide only fully open source non-proprietary software (let's not
dive into the firmware blobs issues now, please).
And if trusted boot does not break this core requirement I think it
should be allowed within Fedora.
No matter how far down the wrong road you've gone, turn back.