|| ||Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA-AT-public.gmane.org> |
|| ||James Morris <jmorris-gx6/JNMH7DfYtjvyW6yDsg-AT-public.gmane.org> |
|| ||Re: enable CONFIG_INTEL_TXT |
|| ||Thu, 01 Apr 2010 09:38:02 -0400|
|| ||gcwilson-r/Jw6+rmf7HQT0dZR+AlfA-AT-public.gmane.org, kernel-TuqUDEhatI4ANWPb/1PvSmm0pvjS0E/A-AT-public.gmane.org,
Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA-AT-public.gmane.org>|
|| ||Article, Thread
On Thu, 2010-04-01 at 15:02 +1100, James Morris wrote:
> On Wed, 31 Mar 2010, Eric Paris wrote:
> > Simple answer is 'because Intel says so.' I'm sorry but I don't think
> > I'm allowed to divulge any reasons Intel may or may not have shared with
> > Red Hat.
> It seems odd to me that the full design and operation of a security
> mechanism is not being made available, and that the reasons for this
> are also not able to be divulged.
> Note that an SINIT AC module was recently reverse engineered, found to be
> buggy, and then used break TXT:
> I really hope the secrecy of the AC module is not part of its security
> In any case, I don't see any technical reason not to enable the option.
As far as I know the security of TXT in no way relies upon keeping the
SINIT module closed source.
National Security Agency
to post comments)