(Created page with '{{admon/important | Comments and Explanations | The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To rea...') |
(still need a draft release note--see talk page for more details) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
= Trusted Boot = | |||
= | |||
Trusted Boot | |||
== Summary == | == Summary == | ||
| Line 13: | Line 5: | ||
== Owner == | == Owner == | ||
* Name: [[User:eparis| Eric Paris]] | * Name: [[User:eparis| Eric Paris]] | ||
* email: eparis@redhat.com | * email: eparis@redhat.com | ||
== Current status == | == Current status == | ||
* Targeted release: [[Releases/ | * Targeted release: [[Releases/12 | 12 ]] | ||
* Last updated: | * Last updated: July 21, 2009 | ||
* Percentage of completion: 00% | * Percentage of completion: 00% | ||
| Line 34: | Line 23: | ||
== How To Test == | == How To Test == | ||
At the moment testing isn't well defined. Ultimately tests will involve users with TPM enabled hardware to be able to verify the same kernel booted they expected or a different kernel booted than they expected. | * At the moment testing isn't well defined. Ultimately tests will involve users with TPM enabled hardware to be able to verify the same kernel booted they expected or a different kernel booted than they expected. | ||
* '''FIXME'''--more details needed | |||
== User Experience == | == User Experience == | ||
No one will notice a change unless they specifically configure their system. There are no planned default changes. | |||
== Dependencies == | == Dependencies == | ||
| Line 46: | Line 36: | ||
== Documentation == | == Documentation == | ||
* Nothing et. | * '''FIXME'''--Nothing et. | ||
== Release Notes == | == Release Notes == | ||
* No good note yet as there is no documentation. There is no upstream. | * '''FIXME'''---No good note yet as there is no documentation. There is no upstream. | ||
== Comments and Discussion == | == Comments and Discussion == | ||
* See [[Talk:Features/TrustedBoot]] | * See [[Talk:Features/TrustedBoot]] | ||
[[Category: | [[Category:FeaturePageIncomplete]] | ||
Latest revision as of 03:19, 22 July 2009
Trusted Boot
Summary
Ability for users to configure their system to make use of the TPM and hardware support in order to verify that the machine is running the intended kernel.
Owner
- Name: Eric Paris
- email: eparis@redhat.com
Current status
- Targeted release: 12
- Last updated: July 21, 2009
- Percentage of completion: 00%
Detailed Description
Most of the support for trusted boot already exists in Fedora but all of the pieces have never been put together. The goal of this feature is to allow users to boot a kernel, and after it is booted to know that the kernel they are running is the kernel they expected to have running.
Benefit to Fedora
Security minded users have no way of knowing if their kernel is the expected kernel. They have no way of knowing if the system under them has been trojaned. The point of this feature is to give users a method to verify that the system that booted was the system they expected to boot.
Scope
Changes are expected to be needed in grub, tpmutils, trousers, and possibly in the kernel configuration.
How To Test
- At the moment testing isn't well defined. Ultimately tests will involve users with TPM enabled hardware to be able to verify the same kernel booted they expected or a different kernel booted than they expected.
- FIXME--more details needed
User Experience
No one will notice a change unless they specifically configure their system. There are no planned default changes.
Dependencies
The grub changes, and possibly the intel TXT support are requirements which I may not be able to control but which may cause the feature to fail to complete.
Contingency Plan
None necessary, if it doesn't work, it wasn't going to be default anyway. Users just won't be able to use it.
Documentation
- FIXME--Nothing et.
Release Notes
- FIXME---No good note yet as there is no documentation. There is no upstream.