From: "Tom "spot" Callaway" <tcallawa-H+wXaHxf7aLQT0dZR+AlfA-AT-public.gmane.org>
To: Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA-AT-public.gmane.org>
Subject: Re: enable CONFIG_INTEL_TXT
Date: Thu, 01 Apr 2010 10:22:51 -0400
Cc: gcwilson-r/Jw6+rmf7HQT0dZR+AlfA-AT-public.gmane.org, Eric Paris <eparis-H+wXaHxf7aLQT0dZR+AlfA-AT-public.gmane.org>, kernel-TuqUDEhatI4ANWPb/1PvSmm0pvjS0E/A-AT-public.gmane.org
On 04/01/2010 10:14 AM, Stephen Smalley wrote:
> On Thu, 2010-04-01 at 10:06 -0400, Tom "spot" Callaway wrote:
>> On 04/01/2010 10:04 AM, Stephen Smalley wrote:
>>> In any event, while I'd prefer that the config option be enabled in both
>>> Fedora and RHEL, I'd take the latter if that were the only option. But
>>> is it really likely that RHEL will enable a kernel config option if it
>>> isn't enabled first in Fedora?
>>
>> In a situation where Fedora is unlikely to provide any useful testing,
>> it has been known to happen.
>
> Hmmm...well, there would be testing of it in Fedora if it were enabled
> there.

By whom exactly? I don't doubt that the NSA could test it, but surely
they are both capable and qualified to build a custom kernel, and equally
unlikely to push Fedora for certification (nor could they purchase support
for it from Red Hat).

Here is my core concern: We enable this in Fedora. This sends a message to
Fedora's users that altering their bootup configuration to support SINIT
(whether loaded from BIOS or from a binary-only blob that Intel will be so
happy to provide) is _Supported_. And then, it breaks. And we get bugs
filed. Which we have absolutely 0 chance of being able to fix. Then we get
to say "what you've done is unsupported, even though we enabled a config
option in the kernel that does nothing but enable the way you've set up
your system."

Or, far more likely, no one in Fedora, outside of a few people at the NSA
testing behind closed doors, ever uses this. The enablement of this config
option in Fedora is used to justify the stability of the technology, and
subsequent enablement in RHEL. And then Red Hat is on the hook for truly
supporting something that they have no realistic chance of being able to
support, when it breaks. Then the powers-that-be ask me why we enabled this
in Fedora, and what testing we did?

*****

At its core, we're being asked to enable functionality for the sole purpose
of supporting a chunk of proprietary software, in a configuration that
requires that we explicitly trust a third-party vendor for security. This
makes me extremely uncomfortable, and also makes me wonder why the NSA
seems comfortable with such a scenario in practice.

~spot
Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds