Slashdot Mirror
SUSE Awarded EAL4 Certification
An anonymous reader writes "Following in the wake of its previous certifications, Novell's SUSE Linux Enterprise Server 9 has achieved EAL4 certification on 'an IBM eServer.' This puts SLES9 in the same league as Windows 2000 for sales in the government sector and is the first Linux distro to achieve an EAL4 certification."
Maybe I missed it in the article, but I am curious if it was on a pSeries or xSeries. SLES9 on a pSeries box is a damn good combination. On the xSeries, it's o.k. but you do not have the peace of mind you get with the pSeries hardware.
I feel a little more confident in our military using that than MS windows on cheap beige boxes.Flexible bare-metal recovery for Linux/UNIX
What is EAL4 in 50 words or less?
I totally regret using Red Hat first. Suse is indeed the better road. I'd love to see the gov't be run on linux :D
That, my friend, is probably the most succinct description of what is wrong with the world of personal computing that I've heard yet.
The only thing I would add is that this applies all across the board. Home users and corporate office users are in the same boat: they often have no interesting in "upgrading" to get more whiz-bang because they don't need it and don't want the headaches. That's the essentially conservative attitude that the bulk of users have, because any significant change means they may have to spend time and money they don't have to learn something new, deal with problems that weren't there before, and may find their shiny new OS and apps interfering with getting their jobs done. Microsoft's feature-oriented marketing and forced upgrade cycles have probably caused more lost man-hours than the common cold.
The higher the technology, the sharper that two-edged sword.
I had problems with an Adaptec SCSI controller in a Dell system recently.
:-(
The trouble is that Adaptec seems to think that doing RAID-1 in the device driver is somehow a good idea and worthy to be very secretive about. So they provide binary-only drivers for their card and it is 3 kernel versions behind.
Of course we need no Adaptec software RAID-1 as Linux has it in the kernel. After some searching and asking I found a patch that allowed the Adaptec controller to operate as a plain SCSI controller and from then on it has worked OK. Of course this means trouble whenever the kernel is updated, which happens every 2-3 weeks lately
So I decided to swap the system with one running Windows this week. I know that the other one, which has a MPT controller, works without such problems.
Adaptec is better avoided. Problems like this are not uncommon with their controllers.
The French Ministry of Defense will put up 7 million over the next three years to fund an industrial consortium building a Linux-based operating system that can achieve EAL5 certification. The coalition includes Bertin Technologies, SURLOG, Jaluna, Mandrakesoft, and OPPIDA.
BTW. There are Server and Embedded Linux version that has achieved Telecom Carrier Grade certification for reliablity. Microsoft won't try to get Telecom Carrier Grade certification for Windows because it is too unreliable.
That's exactly what it is... which is yet another facet of the differences between Novell and Red Hat. Novell has the money to apply their resources across a much broader spectrum than Red Hat - just by virtue of having more money. Also, they have much more staff on the payroll - and by extension, more time (read: manhours).
IBM paid for it. IBM's engineers did it. They do this kind of thing on behalf of the distro's it uses on its hardware. It has absolutely nothing to do with the resources of Novell or what not; IBM would certify Debian, if IBM's customers demanded it.
Re: "meeting design documentation": In my experience, in practice this often involves generating "design documentation" after the fact. Roughly speaking, this could be for example by following a process like this: write the code, comment the functions, run doxygen on it or something, print that out, and present it as the "design documentation". Voila, your implementation meets the 'design spec', congratulations.
...it is a real punch against M$ propaganda about Linux being insecure... anytime M$ tells the public that Linux is insecure we can say that we've got the same certification as they have...
The requirement is actually that you document what your security model is and how your implementation achieves it, and then they verify that you're right.
There are no restrictions on the development process. The point is that it gets validated as a finished item, so it doesn't matter how it got that way. It also doesn't matter who writes the documents, so long as they have the necessary information.
It will be interesting to see when SuSE does with the documents which were part of the process. It would also be interesting to see what, exactly, SuSE's security model is. (EAL4 doesn't require you to have a particularly useful security model; IIRC, Windows got EAL4 in configurations without network or disk drives.) It would be interesting for the kernel tree to include all of the necessary documentation for EAL4 in various ways, such that anyone who wants to get a version certified just has to build a suitable configuration and submit it for verification.