http://fedoraproject.org/wiki/Features/Trusted_Boot is a proposed
feature for F16. We've traditionally had a hard objection to the
functionality because it required either the distribution or downloading
of binary code that ran on the host CPU, but it seems that there'll
shortly be systems that incorporate the appropriate sinit blob in their
BIOS, which is a boundary we've traditionally been fine with.

However, this is the kind of feature that has a pretty significant
impact on the distribution as a whole. FESCo decided that we should
probably have a broader discussion about the topic. The most obvious
issues are finding a sensible way to incorporate this into Anaconda, but
it's also then necessary to make sure that bootloader configuration is
updated appropriately.

Outside that, is there any other impact? Does tboot perform any
verification of the kernels, and if so how is that configured? Is the
expectation that an install configured with TXT will only boot trusted
kernels, and if so what mechanism is used to verify the kernel? Is there
any further integration work that has to be performed for this to be
useful?

--
Matthew Garrett | mjg59(a)srcf.ucam.org