On Thu, 2012-07-12 at 10:21 +0100, M A Young wrote: > > Is the fact that Fedora release guidelines include Xen _guest_ support > > but not full _host_ functionalities going to be an issue if/when we > > decide to try influencing this > > http://fedoraproject.org/wiki/Features/SecureBoot ? > > In terms of getting xen into the Fedora signing game we would either need > to get the people behind the SecureBoot feature to add xen or submit our > own feature to add that functionality (I haven't contacted them but I > guess they would prefer the latter). > I see. Well, you sure are way more confident than me with the "adding features" process (I'm trying to get into how this sort of things work for Fedora) but I'm available to provide any help with anything you think I could do in order to achieve that.
> With regard to technical challenges I wonder what if any signature > checking xen itself would need to do (for example would it check the > signature on the dom0 kernel or would grub2 do that) because part of the > securing process would be to ensure that xen itself didn't leave open > doors to break into the secure system. Also there is the question of > drivers as I gather they need to be signed to talk to bios devices, which > may simply be a pass through of the dom0 kernel signed drivers or might be > more complicated. > These are all very interesting question, to which I'm far from having an answer... However, as I think they also apply to other hypervisors (and KVM among them) we can at least look at what they have in mind and/or share thoughts and ideas, can't we? Thanks and Regards, Dario -- <<This happens because I choose it to happen!>> (Raistlin Majere) ----------------------------------------------------------------- Dario Faggioli, Ph.D, http://retis.sssup.it/people/faggioli Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)
Description: This is a digitally signed message part
-- xen mailing list firstname.lastname@example.org https://admin.fedoraproject.org/mailman/listinfo/xen