User: Password:
|
|
Subscribe / Log in / New account

Re: Trusted Boot in Fedora

From:  Daniel J Walsh <dwalsh-AT-redhat.com>
To:  Development discussions related to Fedora <devel-AT-lists.fedoraproject.org>
Subject:  Re: Trusted Boot in Fedora
Date:  Wed, 22 Jun 2011 17:32:50 -0400
Message-ID:  <4E025F82.30707@redhat.com>
Archive-link:  Article

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/22/2011 04:57 PM, Camilo Mesias wrote:
> I'm curious to know the use case(s) for this technology.
> 
> Does it enable certain types of behaviour that aren't possible currently?
> 
> Would it enable a system running Fedora to interact with other systems
> with a greater guarantee about its behaviour or function?
> 
> Is it just something that system integrators would see as a feature
> enabling them to make a secured system (ie something useful for RHEL)?
> 
> If it just allows you to optionally run a signed kernel, I don't
> understand the point if it can be circumvented by choosing to run an
> unsigned one. So I think there must be some benefit that isn't
> obvious. What's the benefit?
> 
> -Cam
The idea is to allow certain tools/machines to make judgments on how
"trusted" a machine is.  For example you could set up a VPN server that
says I will only allow a machine that passes the "Trusted" test to join
my network.   Another potential example would be to not allow a guest
machine to run on your host if its OS is not "Trusted"  Or to have a
guest OS check to see if the Host Server is Trusted or stop running.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk4CX4IACgkQrlYvE4MpobPJ6QCg4Rx6gj1XlCObyFV920kgs3bN
tQUAn0B50VPRjMb8cIv42GktSA/UxFgD
=JaeC
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel



(Log in to post comments)


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds