|| ||James Morris <jmorris-gx6/JNMH7DfYtjvyW6yDsg-AT-public.gmane.org> |
|| ||Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA-AT-public.gmane.org> |
|| ||Re: enable CONFIG_INTEL_TXT |
|| ||Thu, 1 Apr 2010 15:02:49 +1100 (EST)|
|| ||gcwilson-r/Jw6+rmf7HQT0dZR+AlfA-AT-public.gmane.org, sds-+05T5uksL2qpZYMLLGbcSA-AT-public.gmane.org, kernel-TuqUDEhatI4ANWPb/1PvSmm0pvjS0E/A-AT-public.gmane.org|
|| ||Article, Thread
On Wed, 31 Mar 2010, Eric Paris wrote:
> Simple answer is 'because Intel says so.' I'm sorry but I don't think
> I'm allowed to divulge any reasons Intel may or may not have shared with
> Red Hat.
It seems odd to me that the full design and operation of a security
mechanism is not being made available, and that the reasons for this
are also not able to be divulged.
Note that an SINIT AC module was recently reverse engineered, found to be
buggy, and then used break TXT:
I really hope the secrecy of the AC module is not part of its security
In any case, I don't see any technical reason not to enable the option.
to post comments)