Re: [RFC v3][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernelsupport

From: Pavel Machek
Date: Sun May 24 2009 - 15:42:50 EST


> > I'd prefer discussion to be public, so I don't mind leaving more
> > detailed discussion to that.
> >
> > There has been considerable discussion on the issue, following Linus'
> > statement (which I'm sure you're aware of):
> >
> >
> >
> > My position is similar -- people can decide for themselves whether they
> > want to use DRM technology. I'm also confident that technical measures
> > taken to prevent real freedom will always be broken (when have they ever
> > not been?)

Linus says he hates drm but does not want to stop it through legal
means, because its impossible. Does that mean we should merge any
random drm crap? I hope not.

> > I also feel there may be genuinely useful applications of some of the
> > technology (e.g. sealing disk encryption keys in the TPM a la
> > BitLocker).
> >
> > I'm fairly neutral on the technology itself and feel that "market
> > pressure" from users as well as local regulatory policy (e.g. anti-trust
> > laws) should determine how the technology is used, rather than the views
> > of a few kernel hackers.

So some of the technology is useful -> we merge all of it?

> For a balanced view on Trusted Computing, people should also read
> David Safford's (IBM) rebuttal whitepaper at:

Sorry, but that article is full of hype, nothing balanced on it. Plus
it speaks about different technology. Plus it is intentionally

>Technology (Intel(R) TXT). Any technology can be used for good or
>bad, but Intel has tried to ensure that users have control of TXT.

I don't see where you got that nonsense.

Try using atomic bomb for something good. Then try to use tv remote
control for something bad.

TXT was specifically designed to enable atomic bombs^W^W drm, and I
see no other reasonable use.

> I would also encourage those who are concerned about these patches
> to look at the Linux code and tboot code to satisfy themselves that
> it is providing exactly what we have claimed.

I certainly hope booting secure sandbox is root-only operation... is

(cesky, pictures)
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at