Trusted Boot in Fedora
lsof at nodata.co.uk
Fri Jun 24 20:21:05 UTC 2011
1. Can you please add some information to the feature page? I can't tell
what TrustedBoot is and how it works.
2. This seems like Trusted Computing, which got shot down in flames.
Does TrustedBoot go against the core values of Fedora?
On 22/06/11 21:02, Matthew Garrett wrote:
> http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> feature for F16. We've traditionally had a hard objection to the
> functionality because it required either the distribution or downloading
> of binary code that ran on the host CPU, but it seems that there'll
> shortly be systems that incorporate the appropriate sinit blob in their
> BIOS, which is a boundary we've traditionally been fine with.
> However, this is the kind of feature that has a pretty significant
> impact on the distribution as a whole. Fesco decided that we should
> probably have a broader discussion about the topic. The most obvious
> issues are finding a sensible way to incorporate this into Anaconda, but
> it's also then necessary to make sure that bootloader configuration is
> updated appropriately.
> Outside that, is there any other impact? Does tboot perform any
> verification of the kernels, and if so how is that configured? Is the
> expectation that an install configured with TXT will only boot trusted
> kernels, and if so what mechanism is used to verify the kernel? Is there
> any further integration work that has to be performed for this to be
More information about the devel