On Wed, 31 Mar 2010, Eric Paris wrote:
This config option allows a user to download new (open source) software (tboot) along with other third party software to verify the correctness of the BOOTED system.
My feeling is that this needs to be dealt with upstream, and that the open source tboot needs to be delivered first.
Are there any objections to enabling CONFIG_INTEL_TXT on x86_64?
Yes.
- We should be doing kernel development upstream unless there's an extraordinary reason not to (typically, following a request from Linus).
- We should not be adding kernel infrastructure to support proprietary, closed source
- Especially so, given that this is a security feature
I'd love to see support for TXT -- I think we can do some very important things with it, but I don't think it's workable as open source if it depends on closed proprietary code.
- James