> We live in a world where compliance is king. Nevermind if compliance
> doesn't actually make the system more secure.
Er .. re my previous post, I don't mean "lie to RH and claim to want to
buy RHEL to get free support". I mean that you should consider going to
management and getting approval for professional support and integration
work from a specialist, because you're going to need it.
Alternately you could do the dodgy Trusted GRUB + signed kernel + signed
initrd with scripted GnuPG verification hack. It'd be a lot better than
nothing if your target server has a TPM you can enable and use for
Trusted GRUB.
--
Craig Ringer