|From:||Daniel J Walsh <dwalsh-AT-redhat.com>|
|To:||Development discussions related to Fedora <devel-AT-lists.fedoraproject.org>|
|Subject:||Re: Trusted Boot in Fedora|
|Date:||Wed, 22 Jun 2011 17:32:50 -0400|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/22/2011 04:57 PM, Camilo Mesias wrote: > I'm curious to know the use case(s) for this technology. > > Does it enable certain types of behaviour that aren't possible currently? > > Would it enable a system running Fedora to interact with other systems > with a greater guarantee about its behaviour or function? > > Is it just something that system integrators would see as a feature > enabling them to make a secured system (ie something useful for RHEL)? > > If it just allows you to optionally run a signed kernel, I don't > understand the point if it can be circumvented by choosing to run an > unsigned one. So I think there must be some benefit that isn't > obvious. What's the benefit? > > -Cam The idea is to allow certain tools/machines to make judgments on how "trusted" a machine is. For example you could set up a VPN server that says I will only allow a machine that passes the "Trusted" test to join my network. Another potential example would be to not allow a guest machine to run on your host if its OS is not "Trusted" Or to have a guest OS check to see if the Host Server is Trusted or stop running. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk4CX4IACgkQrlYvE4MpobPJ6QCg4Rx6gj1XlCObyFV920kgs3bN tQUAn0B50VPRjMb8cIv42GktSA/UxFgD =JaeC -----END PGP SIGNATURE----- -- devel mailing list firstname.lastname@example.org https://admin.fedoraproject.org/mailman/listinfo/devel
Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds