LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: Trusted Boot in Fedora

[Posted June 29, 2011 by jake]

From:  Daniel J Walsh <dwalsh-AT-redhat.com>
To:  Development discussions related to Fedora <devel-AT-lists.fedoraproject.org>
Subject:  Re: Trusted Boot in Fedora
Date:  Wed, 22 Jun 2011 17:32:50 -0400
Message-ID:  <4E025F82.30707@redhat.com>
Archive-link:  Article, Thread 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/22/2011 04:57 PM, Camilo Mesias wrote:
> I'm curious to know the use case(s) for this technology.
> 
> Does it enable certain types of behaviour that aren't possible currently?
> 
> Would it enable a system running Fedora to interact with other systems
> with a greater guarantee about its behaviour or function?
> 
> Is it just something that system integrators would see as a feature
> enabling them to make a secured system (ie something useful for RHEL)?
> 
> If it just allows you to optionally run a signed kernel, I don't
> understand the point if it can be circumvented by choosing to run an
> unsigned one. So I think there must be some benefit that isn't
> obvious. What's the benefit?
> 
> -Cam
The idea is to allow certain tools/machines to make judgments on how
"trusted" a machine is.  For example you could set up a VPN server that
says I will only allow a machine that passes the "Trusted" test to join
my network.   Another potential example would be to not allow a guest
machine to run on your host if its OS is not "Trusted"  Or to have a
guest OS check to see if the Host Server is Trusted or stop running.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk4CX4IACgkQrlYvE4MpobPJ6QCg4Rx6gj1XlCObyFV920kgs3bN
tQUAn0B50VPRjMb8cIv42GktSA/UxFgD
=JaeC
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
(Log in to post comments)

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds