Trusted Boot in Fedora

nodata lsof at
Fri Jun 24 20:21:05 UTC 2011

Two questions:

1. Can you please add some information to the feature page? I can't tell 
what TrustedBoot is and how it works.

2. This seems like Trusted Computing, which got shot down in flames.
Does TrustedBoot go against the core values of Fedora?


On 22/06/11 21:02, Matthew Garrett wrote:
> is a proposed
> feature for F16. We've traditionally had a hard objection to the
> functionality because it required either the distribution or downloading
> of binary code that ran on the host CPU, but it seems that there'll
> shortly be systems that incorporate the appropriate sinit blob in their
> BIOS, which is a boundary we've traditionally been fine with.
> However, this is the kind of feature that has a pretty significant
> impact on the distribution as a whole. Fesco decided that we should
> probably have a broader discussion about the topic. The most obvious
> issues are finding a sensible way to incorporate this into Anaconda, but
> it's also then necessary to make sure that bootloader configuration is
> updated appropriately.
> Outside that, is there any other impact? Does tboot perform any
> verification of the kernels, and if so how is that configured? Is the
> expectation that an install configured with TXT will only boot trusted
> kernels, and if so what mechanism is used to verify the kernel? Is there
> any further integration work that has to be performed for this to be
> useful?

More information about the devel mailing list