Re: [PATCH 0/4] integrity

From: James Morris
Date: Wed Dec 03 2008 - 18:30:55 EST

Next message: Frédéric Weisbecker: "Re: [PATCH] tracing/function-branch-tracer: support for x86-64"
Previous message: Greg KH: "Re: [patch 000/104] 2.6.27-stable review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 14 Nov 2008, Andrew Morton wrote:

> One thing which I cannot say, and which is quite important: how useful
> will all of this be to our users? Are people asking for it?

Apparently, some government users are, and there's a DoD decree which
requires new equipment to include TPM hardware where possible:

http://iase.disa.mil/policy-guidance/dod-dar-tpm-decree07-03-07.pdf

This is to support encryption of data at rest, and for "device
authentication" (requiring remote attestation of system integrity).

It's not clear to me yet how compelling this will be for general-case
users.

> Are
> people likely to enable and use it? Are they even likely to understand
> it? ;) Are any large/important customers asking for it? Are distros
> likely to enable and support it?

I believe that TPM is in "tech preview" in RHEL 5.2, and that there is a
desire to integrate it more fully with the OS via TCG software such as
Trousers: http://trousers.sourceforge.net/

- James
--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frédéric Weisbecker: "Re: [PATCH] tracing/function-branch-tracer: support for x86-64"
Previous message: Greg KH: "Re: [patch 000/104] 2.6.27-stable review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]