From: Pavel Machek <pavel@suse.cz>
To: Chris Wright <chrisw@sous-sol.org>
Cc: "Cihula, Joseph" <joseph.cihula@intel.com>,
linux-kernel@vger.kernel.org, "Wang,
Shane" <shane.wang@intel.com>, "Wei, Gang" <gang.wei@intel.com>,
"Van De Ven, Arjan" <arjan.van.de.ven@intel.com>,
"Mallick, Asit K" <asit.k.mallick@intel.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
Chris Wright <chrisw@redhat.com>,
Jan Beulich <jbeulich@novell.com>,
mingo@elte.hu, tytso@mit.edu
Subject: Re: [RFC][PATCH 0a/3] TXT: Intel(R) Trusted Execution Technology support for Linux - Overview
Date: Thu, 9 Oct 2008 19:59:38 +0200 [thread overview]
Message-ID: <20081009175938.GA12507@elf.ucw.cz> (raw)
In-Reply-To: <20081009174427.GB6912@sequoia.sous-sol.org>
On Thu 2008-10-09 10:44:27, Chris Wright wrote:
> * Pavel Machek (pavel@suse.cz) wrote:
> > Ok, I don't get it, why would I want to measure my kernel?
>
> Trusted boot. There's always the double-edge sword w/ this. Clearly,
> a requirement is that you don't just brick your own box, and have some
> policy/mechanism for defining how you'd use trusted boot. I believe
> that's all there w/ TXT patch (since it's mostly handled before kernel
> boots, TXT kernel bit is just to help w/ handoff).
I have never used trusted boot and I'm not sure I want to. Why would I
want to do that?
> > I see why Disney would want to do that, but I don't see why we would
> > want to help them.
> >
> > Plus, the fact that trusted mode is pretty much incompatible with
> > s3/s4 makes it useless, right?
>
> Why do you say that? Did you look at patch 3/3, see tboot_sleep().
You exit/reenter the trusted mode accross sleep... so any guarantees
"trusted" mode does are void, right?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2008-10-09 17:58 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-07 20:34 [RFC][PATCH 0a/3] TXT: Intel(R) Trusted Execution Technology support for Linux - Overview Cihula, Joseph
2008-10-09 12:53 ` Pavel Machek
2008-10-09 17:44 ` Chris Wright
2008-10-09 17:59 ` Pavel Machek [this message]
2008-10-09 18:14 ` Chris Wright
2008-10-09 18:21 ` Pavel Machek
2008-10-09 18:35 ` [RFC][PATCH 0a/3] TXT: Intel(R) Trusted Execution Technologysupport " Cihula, Joseph
2008-10-09 18:45 ` Pavel Machek
2008-10-09 21:16 ` [RFC][PATCH 0a/3] TXT: Intel(R) Trusted ExecutionTechnologysupport " Cihula, Joseph
2008-10-09 18:37 ` [RFC][PATCH 0a/3] TXT: Intel(R) Trusted Execution Technology support " Chris Wright
-- strict thread matches above, loose matches on Subject: below --
2008-10-07 22:46 Joseph Cihula
2008-10-08 7:24 ` Peter Zijlstra
2008-10-08 18:38 ` Joseph Cihula
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081009175938.GA12507@elf.ucw.cz \
--to=pavel@suse.cz \
--cc=arjan.van.de.ven@intel.com \
--cc=asit.k.mallick@intel.com \
--cc=chrisw@redhat.com \
--cc=chrisw@sous-sol.org \
--cc=gang.wei@intel.com \
--cc=jbeulich@novell.com \
--cc=joseph.cihula@intel.com \
--cc=jun.nakajima@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=shane.wang@intel.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.