TCS COO Ed Hammersla says he's glad to pass his company's kernel modifications off to Red Hat, since TCS is an applications company and not an operating system developer. "We built Trusted Linux just because it didn't exist," he says. "If someone else would have built it, we wouldn't have had to do it. We didn't want to be in the operating system business."
TCS needed a hardened version of Linux because customers were asking for applications that would run on something other than Sun's proprietary OS and hardware specifications. "We had customers tell us, we love your apps but we're not buying Sun," Hammersla says.
He says that he knew all along that at some point TCS would come to this fork in the road. "We knew we would have to come to a decision [about] what to do with Trusted Linux. Do we sell it, or do we open source it and make it part of a standard distribution?" As he talked to customers and hardware vendors like HP, Dell, and IBM, it became obvious that it would be better to make TCS's kernel mods part of something bigger.
Hammersla says IBM and HP made it "pretty clear" that they would prefer to be involved with a more recognized Linux distribution, and even the National Security Agency is more comfortable with a mainstream distro. Hammersla liked Red Hat because it had already embraced SELinux in "a more thorough way." So TCS and IBM approached Red Hat.
Paul Smith, vice president of government sales operations for Red Hat, says that the company is putting the "next layer" on TCS's kernel. He says that Red Hat was headed in the hardened Linux direction already. "About a year ago Red Hat embarked on a research project with the NSA and part of that project, in conjunction with the community, was to develop a more hardened secure version of Linux for intelligence agencies." The result of that research is something Smith calls an "embrace of the code set that is SELinux."
Smith expects that with the next release cycle, TCS kernel modifications will be part of Red Hat Enterprise Linux 5, pending the upstreaming of the code through the Linux development community and the rigorous demands of the government's Common Criteria evaluations, which will certify that the code meets multiple level security requirements.
In the meantime, Trusted Linux is already the foundation of all of TCS's Linux-ported applications, but you can't get it on a standalone basis -- at least not from TCS. But for the adventurous or the curious, Smith says all the evaluation code is available for download at the Fedora Project site.