2011/7/18 Denys Vlasenko :
> On Thu, 2011-06-23 at 18:15 +0200, Miloslav Trmač wrote:
>> The TPM allows verifying that this kernel (and only this kernel) is
>> actually running. An attacker with access to the hard drive ("evil
>> maid") can modify the code to disable any signature check that would
On Thu, 2011-06-23 at 18:15 +0200, Miloslav Trmač wrote:
> On Thu, Jun 23, 2011 at 4:21 PM, JB wrote:
> > I have done some inventory on this topic, and have some questions.
> I'm not really an expert on this... Hopefully someone will correct my
> mistakes.
>
> > Why do you need Trusted Boot mech
On Wed, 2011-06-29 at 13:48 +0200, Björn Persson wrote:
> Miloslav Trmač wrote:
> > First, the TPM (nor the CPU) really can't tell the difference between
> > the owner of the computer and an author of a virus.
>
> A jumper on the motherboard, or some other kind of physical circuit breaker,
> can
On 06/29/2011 02:07 AM, Adam Williamson wrote:
> On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
>> On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
>>>
>>> On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
>>>
>>>> Placing trust in the manufacturer of the hardware puts the user i
Adam Williamson wrote:
> On Wed, 2011-06-29 at 13:36 +0200, Björn Persson wrote:
> > That's not impossible to change though. I have never dared to try
> > Coreboot myself, for fear of destroying my motherboard, but in principle
> > it's possible to replace the BIOS in most current computers with a
On Wed, 2011-06-29 at 13:36 +0200, Björn Persson wrote:
> Adam Williamson wrote:
> > On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
> > > On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
> > > > On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
> > > > > Placing trust in the manu
Eric Paris wrote on 2011-06-23:
> On 06/22/2011 03:20 PM, seth vidal wrote:
>> On Wed, 2011-06-22 at 20:02 +0100, Matthew Garrett wrote:
>>
>> Are we going to continue the double grub entries? while I realize
>> that tboot SHOULD allow non TXT hw to boot properly I also realize
>> that any differe
On 06/27/2011 11:27 AM, Miloslav Trmač wrote:
> It doesn't, really. My understanding is that it takes a hash of the
> contents of memory (and perhaps other state, I don't know) and submits
> this "measurement" to the TPM. The sinit blob doesn't contain any
> policy or configuration: it is only a
Miloslav Trmač wrote:
> First, the TPM (nor the CPU) really can't tell the difference between
> the owner of the computer and an author of a virus.
A jumper on the motherboard, or some other kind of physical circuit breaker,
can do that. It would have been possible to design the TPM to accept a n
Adam Williamson wrote:
> On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
> > On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
> > > On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
> > > > Placing trust in the manufacturer of the hardware puts the user in no
> > > > worse positio
On Tue, 2011-06-28 at 10:01 -0400, Adam Jackson wrote:
> On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
> >
> > On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
> >
> > > Placing trust in the manufacturer of the hardware puts the user in no
> > > worse position than they were before
On Tue, 28 Jun 2011, Przemek Klosowski wrote:
> the processor serial number (PSN) wasn't shut down---every post-PIII CPU
> has it. The access is often disabled by the BIOS, but it's there:
>
> http://pcworld.about.net/magazine/1903p198id38601.htm
>
> I think that TPC requires that PSN are enabled,
On 06/28/2011 03:25 PM, Przemek Klosowski wrote:
> On 06/25/2011 04:13 AM, Camilo Mesias wrote:
>> On Fri, Jun 24, 2011 at 5:09 PM, Simo Sorce wrote:
>>> On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
>>>> 2. This seems like Trusted Computing, which got shot down in flames.
>>>
>>> Who shot it
On 06/25/2011 04:13 AM, Camilo Mesias wrote:
> On Fri, Jun 24, 2011 at 5:09 PM, Simo Sorce wrote:
>> On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
>>> 2. This seems like Trusted Computing, which got shot down in flames.
>>
>> Who shot it and why ?
>
> I don't know about Trusted Computing but th
On 06/23/2011 10:21 AM, JB wrote:
> The Intel Trusted Platform consists of two components:
> - Trusted Platform Module (TPM) chip
>   A hardware component, consisting of cryptographic processor and secure
>   memory.
> - Trusted Boot
>   A software component, open-source and partially close-sou
On Tue, Jun 28, 2011 at 08:21:23PM +, JB wrote:
> JB gmail.com> writes:
>
> > ...
> > Btw, TPM, or TXT exactly, can be hacked too (that has been done already).
> > ...
>
> ... and she is cute too :-)
Which is irrelevant to the discussion and also inappropriate for this
list.
--
Matthew
JB wrote:
> ... and she is cute too:-)
[snip]
Seeing that Trusted Boot is not going to be a F16 feature I don't think
we have to worry about any security implications for the time being.
That is... until next time.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.
JB gmail.com> writes:
> ...
> Btw, TPM, or TXT exactly, can be hacked too (that has been done already).
> ...
... and she is cute too :-)
http://theinvisiblethings.blogspot.com/search/label/trusted%20execution%20technology
and some more ...
http://siblog.mcafee.com/data-protection/tpm-undres
> On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
>>
>> On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
>>
>> > Placing trust in the manufacturer of the hardware puts the user in no
>> > worse position than they were before.
>>
>> I don't call placing absolute vetting power in bios
On Tue, 2011-06-28 at 09:59 +0200, Nicolas Mailhot wrote:
>
> On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
>
> > Placing trust in the manufacturer of the hardware puts the user in no
> > worse position than they were before.
>
> I don't call placing absolute vetting power in bios writer h
On Mon, 27 June 2011 15:12, Miloslav Trmač wrote:
> Placing trust in the manufacturer of the hardware puts the user in no
> worse position than they were before.
I don't call placing absolute vetting power in bios writer hands "no worse
position". I don't think anyone can point to a "good" bi
2011/6/27 Miloslav Trmač :
> The hardware owner configures the TPM so that submitting specific
> "measurements" is required to use keys stored in the TPM.
To avoid a misunderstanding, "hardware owner" is "the customer", not
"hardware manufacturer".
Mirek
On Mon, Jun 27, 2011 at 5:14 PM, Simo Sorce wrote:
> On Mon, 2011-06-27 at 16:53 +0200, Miloslav Trmač wrote:
>> On Mon, Jun 27, 2011 at 4:08 PM, Simo Sorce wrote:
>> The hardware manufacturer _only_ signs the sinit blob. Any kernel/OS
>> you use can be measured/"protected" by the TPM without an
On Mon, 2011-06-27 at 16:53 +0200, Miloslav Trmač wrote:
> On Mon, Jun 27, 2011 at 4:08 PM, Simo Sorce wrote:
> > On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
> >> On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley wrote:
> >> > On 24/06/11 20:49, Miloslav Trmač wrote:
> >> >> The purpose
On Mon, Jun 27, 2011 at 4:08 PM, Simo Sorce wrote:
> On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
>> On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley wrote:
>> > On 24/06/11 20:49, Miloslav Trmač wrote:
>> >> The purpose of the blob is to "measure" the system state; only the
>> >> blob
On Mon, 27 Jun 2011 10:08:44 -0400
Simo Sorce wrote:
> On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
> > On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley
> > wrote:
> > > On 24/06/11 20:49, Miloslav Trmač wrote:
> > >> On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley
> > >> wrote:
> > >>
On Mon, 2011-06-27 at 15:12 +0200, Miloslav Trmač wrote:
> On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley wrote:
> > On 24/06/11 20:49, Miloslav Trmač wrote:
> >> On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley wrote:
> >>> What I don't understand is why this feature requires a binary blob.
> >>>
On Mon, Jun 27, 2011 at 12:11 PM, Andrew Haley wrote:
> On 24/06/11 20:49, Miloslav Trmač wrote:
>> On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley wrote:
>>> What I don't understand is why this feature requires a binary blob.
>>> Surely whatever northbridge code is required can be free software,
On 24/06/11 20:49, Miloslav Trmač wrote:
> On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley wrote:
>> What I don't understand is why this feature requires a binary blob.
>> Surely whatever northbridge code is required can be free software,
>> Is this just security through obscurity?
>
> The purpose
Chris Adams hiwaay.net> writes:
> ...
> I think there is some misunderstanding about what the discussion is
> supposed to be about. The supporting open source code is already in
> Fedora. The feature request is simply to modify grubby/anaconda to set
> up the boot entries to include the suppor
On 25/06/11 18:52, Chris Adams wrote:
> Once upon a time, Camilo Mesias said:
>> In a sense, part of it isn't under user control. There is a secret in
>> there, held against the user, and possibly known by the manufacturer
>> or other third parties. There is also a black box of code that could
>>
On Sat, Jun 25, 2011 at 12:06 PM, Bernd Stramm wrote:
> On Sat, 25 Jun 2011 10:41:36 -0600
> Kevin Fenzi wrote:
>
>
>> I welcome posts back on the technical topic of trusted boot. ;)
>
> Right.
>
> So can we have specifics about what it's good for? Not how it is
> implemented, but what the purpos
On Sat, 25 Jun 2011 10:41:36 -0600
Kevin Fenzi wrote:
> I welcome posts back on the technical topic of trusted boot. ;)
Right.
So can we have specifics about what it's good for? Not how it is
implemented, but what the purposes are.
And who the "trusted" entities are (can be) in the chain of
Once upon a time, Camilo Mesias said:
> In a sense, part of it isn't under user control. There is a secret in
> there, held against the user, and possibly known by the manufacturer
> or other third parties. There is also a black box of code that could
> do anything.
You already have that; it is c
On Sat, 25 Jun 2011 17:26:08 +0100
Camilo Mesias wrote:
> On Sat, Jun 25, 2011 at 2:04 PM, Kevin Fenzi wrote:
> > ...snip...
> >
> > Can we move this back to technical, Fedora development related
> > discussion?
>
> I am slightly disappointed with this response, after all, to quote the
> origin
On Sat, Jun 25, 2011 at 5:26 PM, Camilo Mesias wrote:
> On Sat, Jun 25, 2011 at 2:04 PM, Kevin Fenzi wrote:
> > ...snip...
> >
> > Can we move this back to technical, Fedora development related
> > discussion?
>
> I am slightly disappointed with this response, after all, to quote the
> original
On Sat, Jun 25, 2011 at 2:04 PM, Kevin Fenzi wrote:
> ...snip...
>
> Can we move this back to technical, Fedora development related
> discussion?
I am slightly disappointed with this response, after all, to quote the
original message
"Fesco decided that we should probably have a broader discussi
...snip...
Can we move this back to technical, Fedora development related
discussion?
thanks,
kevin
Hi,
On Fri, Jun 24, 2011 at 5:09 PM, Simo Sorce wrote:
> On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
>> 2. This seems like Trusted Computing, which got shot down in flames.
>
> Who shot it and why ?
I don't know about Trusted Computing but this does remind me of the
Pentium III processor se
Rahul Sundaram gmail.com> writes:
>
> On 06/24/2011 09:55 PM, Clyde E. Kunkel wrote
> > Rahul,
> >
> > Seems he is using references to support contentions...like a scholarly
> > journal article. With respect, just as you are free to criticize on
> > these mailing lists, he is free to speak on
On Fri, 2011-06-24 at 11:41 +0200, Miloslav Trmač wrote:
> 2011/6/24 Tomas Mraz :
> > Yes, I completely agree. What Gregory tries to emphasize here - as I
> > understand it, of course he might have a different intention - is purely
> > politics and I do not think, that Fedora should involve in polit
On Fri, 2011-06-24 at 11:11 +0200, Till Maas wrote:
> On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
> > I am still struggling to see real applications for this. I don't know
> > how a networked system using the technology could be differentiated
> > from an (insecure) software simu
On Fri, 2011-06-24 at 17:15 -0400, Bernd Stramm wrote:
> On Fri, 24 Jun 2011 17:09:22 -0400
> Simo Sorce wrote:
>
> > On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
> > > 2. This seems like Trusted Computing, which got shot down in flames.
> >
> > Who shot it and why ?
> >
> > > Does TrustedB
On Fri, 24 Jun 2011 17:09:22 -0400
Simo Sorce wrote:
> On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
> > 2. This seems like Trusted Computing, which got shot down in flames.
>
> Who shot it and why ?
>
> > Does TrustedBoot go against the core values of Fedora?
>
> Only if it is not under us
On Fri, 2011-06-24 at 22:21 +0200, nodata wrote:
> 2. This seems like Trusted Computing, which got shot down in flames.
Who shot it and why ?
> Does TrustedBoot go against the core values of Fedora?
Only if it is not under user control, otherwise it is a very useful
feature.
Simo.
--
Simo Sor
Two questions:
1. Can you please add some information to the feature page? I can't tell
what TrustedBoot is and how it works.
2. This seems like Trusted Computing, which got shot down in flames.
Does TrustedBoot go against the core values of Fedora?
nd
On 22/06/11 21:02, Matthew Garrett wrote
On Fri, Jun 24, 2011 at 12:49 PM, Andrew Haley wrote:
> What I don't understand is why this feature requires a binary blob.
> Surely whatever northbridge code is required can be free software,
> Is this just security through obscurity?
The purpose of the blob is to "measure" the system state; onl
On 06/24/2011 11:04 AM, Rahul Sundaram wrote:
> On 06/24/2011 09:55 PM, Clyde E. Kunkel wrote
>> Rahul,
>>
>> Seems he is using references to support contentions...like a scholarly
>> journal article. With respect, just as you are free to criticize on
>> these mailing lists, he is free to speak on
On Fri, 2011-06-24 at 09:43 -0400, Gregory Maxwell wrote:
> 2011/6/24 Tomas Mraz :
> > On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote:
> >> On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell
> >> wrote:
> >> > If trusted boot in fedora is widely deployed, then $random_things may
> >> > d
On 06/24/2011 09:55 PM, Clyde E. Kunkel wrote
> Rahul,
>
> Seems he is using references to support contentions...like a scholarly
> journal article. With respect, just as you are free to criticize on
> these mailing lists, he is free to speak on them as long as he follows
> proper netiquette.
T
On 06/24/2011 04:07 AM, Rahul Sundaram wrote:
> On 06/24/2011 12:55 PM, JB wrote:
>> JB gmail.com> writes:
>>
>> http://en.wikipedia.org/wiki/Trusted_computing
>>
>> TC is controversial because it is technically possible not just to secure the
>> hardware for its owner, but also to secure against
On 06/24/2011 03:24 AM, Gregory Maxwell wrote:
> On Fri, Jun 24, 2011 at 4:07 AM, Rahul Sundaram wrote:
>> If you have *specific* concerns, let's hear those. You seem to be just
>> quoting parts of a public wiki page anyone can read. I don't see the
>> point of that
>
> If trusted boot in fedora
Andrew Haley wrote:
> What I don't understand is why this feature requires a binary blob.
> Surely whatever northbridge code is required can be free software,
> Is this just security through obscurity?
That's a good question. I get the impression that Sinit (as the blob seems to
be called) is fro
2011/6/24 Tomas Mraz :
> On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote:
>> On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell wrote:
>> > If trusted boot in fedora is widely deployed, then $random_things may
>> > demand I use a particular fedora kernel in order to access them.
>>
>> I can
On Fri, Jun 24, 2011 at 1:21 PM, Jon Ciesla wrote:
>
>> On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
>>> I am still struggling to see real applications for this. I don't know
>>> how a networked system using the technology could be differentiated
>>> from an (insecure) software s
> On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
>> I am still struggling to see real applications for this. I don't know
>> how a networked system using the technology could be differentiated
>> from an (insecure) software simulation of the same from a remote
>> viewer's perspecti
On 06/24/2011 05:38 PM, Genes MailLists wrote:
> His point is rather obvious really not sure why you're picking on him
> - many may be unfamiliar with this and he spent time finding out and
> sharing what others, who have thought about this topic, have to say.
I am not picking on anyone but quot
On 06/24/2011 04:07 AM, Rahul Sundaram wrote:
> On 06/24/2011 12:55 PM, JB wrote:
>> JB gmail.com> writes:
>>
>> http://en.wikipedia.org/wiki/Trusted_computing
>>
>> TC is controversial because it is technically possible not just to secure the
>> hardware for its owner, but also to secure against
What I don't understand is why this feature requires a binary blob.
Surely whatever northbridge code is required can be free software,
Is this just security through obscurity?
Andrew.
2011/6/24 Tomas Mraz :
> Yes, I completely agree. What Gregory tries to emphasize here - as I
> understand it, of course he might have a different intention - is purely
> politics and I do not think, that Fedora should involve in political
> decisions in one way or another.
Frankly, I view the DRM
On Fri, 2011-06-24 at 10:01 +0100, Camilo Mesias wrote:
> I am still struggling to see real applications for this. I don't know
> how a networked system using the technology could be differentiated
> from an (insecure) software simulation of the same from a remote
> viewer's perspective.
Add anot
On Fri, 2011-06-24 at 11:10 +0200, Miloslav Trmač wrote:
> On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell wrote:
> > If trusted boot in fedora is widely deployed, then $random_things may
> > demand I use a particular fedora kernel in order to access them.
>
> I can't see how it would make any
On Fri, Jun 24, 2011 at 11:01 AM, Camilo Mesias wrote:
> I don't know
> how a networked system using the technology could be differentiated
> from an (insecure) software simulation of the same from a remote
> viewer's perspective.
The attestation is signed by a key that cannot be extracted from th
On Fri, Jun 24, 2011 at 10:01:45AM +0100, Camilo Mesias wrote:
> I am still struggling to see real applications for this. I don't know
> how a networked system using the technology could be differentiated
> from an (insecure) software simulation of the same from a remote
> viewer's perspective. Als
On Fri, Jun 24, 2011 at 10:24 AM, Gregory Maxwell wrote:
> If trusted boot in fedora is widely deployed, then $random_things may
> demand I use a particular fedora kernel in order to access them.
I can't see how it would make any difference whether Fedora supports
the feature or not - after all,
I am still struggling to see real applications for this. I don't know
how a networked system using the technology could be differentiated
from an (insecure) software simulation of the same from a remote
viewer's perspective. Also I don't see how it would be used in the
world of servers where virtua
On Fri, Jun 24, 2011 at 4:07 AM, Rahul Sundaram wrote:
> If you have *specific* concerns, let's hear those. You seem to be just
> quoting parts of a public wiki page anyone can read. I don't see the
> point of that
If trusted boot in fedora is widely deployed, then $random_things may
demand I use
On 06/24/2011 12:55 PM, JB wrote:
> JB gmail.com> writes:
>
> http://en.wikipedia.org/wiki/Trusted_computing
>
> TC is controversial because it is technically possible not just to secure the
> hardware for its owner, but also to secure against its owner. Such controversy
> has led opponents of tru
JB gmail.com> writes:
http://en.wikipedia.org/wiki/Trusted_computing
TC is controversial because it is technically possible not just to secure the
hardware for its owner, but also to secure against its owner. Such controversy
has led opponents of trusted computing, such as Richard Stallman, to r
> On Thu, Jun 23, 2011 at 7:30 PM, JB wrote:
>> Miloslav Trmač volny.cz> writes:
>>
>>>
>>> On Thu, Jun 23, 2011 at 4:21 PM, JB gmail.com> wrote:
>>> ...
>>> > Will the TPM allow a third party remote access to the machine ?
>>> Absolutely not.
>>
>> You are wrong here.
>>
>> http://en.wikipedi
On Thu, Jun 23, 2011 at 7:30 PM, JB wrote:
> Miloslav Trmač volny.cz> writes:
>
>>
>> On Thu, Jun 23, 2011 at 4:21 PM, JB gmail.com> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
>
> You are wrong here.
>
> http://en.wikipedia.org/wiki/Trus
> Miloslav Trmač volny.cz> writes:
>
>>
>> On Thu, Jun 23, 2011 at 4:21 PM, JB gmail.com> wrote:
>> ...
>> > Will the TPM allow a third party remote access to the machine ?
>> Absolutely not.
>
> You are wrong here.
>
> http://en.wikipedia.org/wiki/Trusted_Platform_Module
> "...
> Overview
> ..
Miloslav Trmač volny.cz> writes:
>
> On Thu, Jun 23, 2011 at 4:21 PM, JB gmail.com> wrote:
> ...
> > Will the TPM allow a third party remote access to the machine ?
> Absolutely not.
You are wrong here.
http://en.wikipedia.org/wiki/Trusted_Platform_Module
"...
Overview
... It also includes c
On Thu, Jun 23, 2011 at 4:21 PM, JB wrote:
> I have done some inventory on this topic, and have some questions.
I'm not really an expert on this... Hopefully someone will correct my mistakes.
> Why do you need Trusted Boot mechanism to ensure that identified and origin-
> verified Linux kernel is
Matthew Garrett srcf.ucam.org> writes:
> ...
> http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> feature for F16.
> ...
Hi,
there will be some posts on Fedora users and testers lists, so please take
a look.
http://lists.fedoraproject.org/pipermail/users/2011-June/400539.htm
> On 06/22/2011 03:01 PM, Jon Ciesla wrote:
>>
>
>>> Outside that, is there any other impact? Does tboot perform any
>>> verification of the kernels, and if so how is that configured? Is the
>>> expectation that an install configured with TXT will only boot trusted
>>> kernels, and if so what mech
On Wed, 2011-06-22 at 21:55 -0400, Eric Paris wrote:
> On 06/22/2011 03:02 PM, Matthew Garrett wrote:
> > http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> > feature for F16. We've traditionally had a hard objection to the
> > functionality because it required either the distri
On 06/22/2011 03:20 PM, seth vidal wrote:
> On Wed, 2011-06-22 at 20:02 +0100, Matthew Garrett wrote:
> Are we going to continue the double grub entries? while I realize that
> tboot SHOULD allow non TXT hw to boot properly I also realize that any
> differences will be pointed to as a point of con
On 06/22/2011 03:01 PM, Jon Ciesla wrote:
>
>> Outside that, is there any other impact? Does tboot perform any
>> verification of the kernels, and if so how is that configured? Is the
>> expectation that an install configured with TXT will only boot trusted
>> kernels, and if so what mechanism is
On 06/22/2011 03:02 PM, Matthew Garrett wrote:
> http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> feature for F16. We've traditionally had a hard objection to the
> functionality because it required either the distribution or downloading
> of binary code that ran on the host C
On Wed, 22 Jun 2011, Simo Sorce wrote:
> > If so, is there a mechanism to disable that functionality, or mark a
> > kernel as trusted, so that I could, for example, run a kernel I built
> > myself or one from another RPM?
>
> I would say that if this feature prevents users from creating their own
On 06/22/2011 04:57 PM, Camilo Mesias wrote:
> I'm curious to know the use case(s) for this technology.
>
> Does it enable certain types of behaviour that aren't possible currently?
>
> Would it enable a system running Fedora to interact with other s
I'm curious to know the use case(s) for this technology.
Does it enable certain types of behaviour that aren't possible currently?
Would it enable a system running Fedora to interact with other systems
with a greater guarantee about its behaviour or function?
Is it just something that system int
On Wed, 2011-06-22 at 14:01 -0500, Jon Ciesla wrote:
> > http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> > feature for F16. We've traditionally had a hard objection to the
> > functionality because it required either the distribution or downloading
> > of binary code that ran on
On Wed, 2011-06-22 at 20:02 +0100, Matthew Garrett wrote:
> http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> feature for F16. We've traditionally had a hard objection to the
> functionality because it required either the distribution or downloading
> of binary code that ran on
> http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
> feature for F16. We've traditionally had a hard objection to the
> functionality because it required either the distribution or downloading
> of binary code that ran on the host CPU, but it seems that there'll
> shortly be syste
86 matches