- <h1>Module signing [3.7]</h1>
- <ul class="incremental">
- <li>
- Kernel modules can be signed at build time, and the kernel
- configured to refuse loading unsigned modules
- </li>
- <li>
- Necessary but not sufficient to implement Secure Boot -
- we would also need signed kernel images and some other
- restrictions when booted in this mode
- </li>
- <li>
- Make Secure Boot work: come to the meeting on Tuesday
- </li>
- </ul>
-</div>
-
-<div class="slide">
- <h1>More support for discard</h1>
- <ul class="incremental">
- <li>
- Flash devices (and thin-provisioned SANs) can be more efficient
- if the filesystem 'discards' unused disk space
- </li>
- <li>
- Requires support in hardware, driver, filesystem and any layered
- device drivers - e.g. LVM, RAID (added in 3.7)
- </li>
- <li>
- Must be explicitly enabled, but d-i doesn't do this by default
- </li>
- <li>
- Make it work: fix <a href="http://bugs.debian.org/690977">http://bugs.debian.org/690977</a>
- </li>
- </ul>
-</div>
-
-<div class="slide">
- <h1>More support for containers</h1>
- <ul class="incremental">
- <li>
- Containers are lightweight VMs - run on the same kernel as host,
- but with limited privileges and resources
- </li>
- <li>
- Previously done by OpenVZ and Linux-VServer; gradually being
- reimplemented upstream
- </li>
- <li>
- User namespaces (added in 3.7) support the existence of a
- <tt>root</tt> user inside the container that is unprivileged
- outside the container
- </li>
- <li>
- Currently somewhat experimental, and requires filesystem
- changes which haven't been done for XFS
- </li>
- <li>
- Make user namespaces work: send patches to upstream XFS
- developers (this one's hard)
- </li>
- </ul>
-</div>
-
-<div class="slide">
- <h1>bcache [3.10]</h1>
- <ul class="incremental">
- <li>
- Turns a fast block device into a cache for a larger, slower
- device (see also: dm-cache, EnhanceIO)
- </li>
- <li>
- Needs its own set of userland tools
- </li>
- <li>
- Make it work:
- see <a href="http://bugs.debian.org/708132">http://bugs.debian.org/708132</a>
- (maybe just needs a sponsor)
- </li>
- </ul>
-</div>
-
-<div class="slide">
- <h1>ARMv7 multiplatform</h1>
- <ul class="incremental">
- <li>
- Until recently, each ARM kernel image could support only a small
- set of different chips
- </li>