Trusted Boot in Fedora

[nodata]

On 25/06/11 18:52, Chris Adams wrote:
> Once upon a time, Camilo Mesias<camilo at mesias.co.uk>  said:
>> In a sense, part of it isn't under user control. There is a secret in
>> there, held against the user, and possibly known by the manufacturer
>> or other third parties. There is also a black box of code that could
>> do anything.
>
> You already have that; it is called System Management Mode.
>
>> I'm not really that paranoid but it is worth considering
>> the worst case, just as a theoretical possibility. What if the device
>> became standard by virtue of being bundled with every consumer
>> device... what if it became crucial to system operation somehow...
>
> Fedora supporting or not supporting it will have zero impact on that
> outcome happening or not happening.
>
>> Already there are systems that have whitelisted hardware (eg. wireless
>> cards in netbooks) and the BIOS polices the presence of the right
>> device. If you make unauthorised modifications to the BIOS, you can
>> install any compatible wireless card (or WWAN device). BUT if the BIOS
>> was signed and loaded by a trusted method, this option would not be
>> available.
>
> All of that is pre-kernel, so either can or cannot happen no matter what
> Fedora does.  None of that has any bearing on the technical discussion
> about whether Fedora should or should not include this functionality in
> the installer.
>
> I think there is some misunderstanding about what the discussion is
> supposed to be about.  The supporting open source code is already in
> Fedora.  The feature request is simply to modify grubby/anaconda to set
> up the boot entries to include the support by default (or when the
> hardware is found).

Please could you update the Feature page to say what exactly Trusted 
Boot is?