Re: [PATCH v5 00/21] EVM

From: Dmitry Kasatkin
Date: Wed Jun 01 2011 - 18:11:17 EST


Reposted in plain text.

On Sun, May 29, 2011 at 9:58 AM, Pavel Machek <pavel@xxxxxx> wrote:
>
> chattr already protects authenticity of my files, as do standard unix
> permissions.
>
> So... where's the difference?
>

chattr only protects against runtime attacks.
That is an access control feature, not integrity.

>                                                                Pavel
> (*) but it does not change anything.
>
> True; determined attacker could steal my cellphone, open it up,
> desolder the flash, and change attributes of the filesystem.
>
> But... the same determined attacker can also replace
> bootloader&kernel&filesystem -- that is in the same flash! -- with
> unlocked versions. So the argumentation is the same for locked down
> phone.
>

That is completely incorrect with respect to locked/protected devices.
The chain of trust starts from ROM.
The bootloader is authenticated by the ROM and that will not allow
the device to boot.
Next bootloader will authenticate the kernel and display the message
on the screen
if it has been tampered with.
And the next, authentic kernel will enforce filesystem integrity
protection using EVM.

The important use case is not to lock down the phone against yourself,
but to protect normal users against the possibility of being sold/given
devices with non-authentic software which could do different nasty things,
like stealing the data or spying.
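The distinction argued in this reply, as an added example that is not part of the original message or of the EVM patch set: a simplified model in which each boot stage pins the digest of the next one, and file metadata carries a keyed digest, so both a swapped stage and an offline flip of an "immutable" flag are detected. It assumes hash pinning in place of real signature checks and HMAC-SHA256 over constructed metadata rather than EVM's actual on-disk format; all names, images and the key are hypothetical.

```python
import hashlib
import hmac

def measure(code: bytes, next_digest: str) -> str:
    """Digest of a boot stage: its code plus the digest it trusts for the next stage."""
    return hashlib.sha256(code + next_digest.encode()).hexdigest()

def verify_boot_chain(rom_digest: str, stages):
    """stages: (name, code, next_digest) tuples in boot order.
    Returns the name of the first stage that fails verification, or None."""
    expected = rom_digest
    for name, code, next_digest in stages:
        if not hmac.compare_digest(measure(code, next_digest), expected):
            return name          # boot stops at this stage
        expected = next_digest   # a verified stage vouches for the next one
    return None

def metadata_hmac(key: bytes, meta: dict) -> str:
    """Keyed digest over file metadata (simplified stand-in for an EVM-style check)."""
    canon = "\n".join(f"{k}={meta[k]}" for k in sorted(meta)).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def metadata_is_authentic(key: bytes, meta: dict, stored: str) -> bool:
    return hmac.compare_digest(metadata_hmac(key, meta), stored)

def demo():
    # Constructed sample images; names and contents are made up for illustration.
    kernel = ("kernel", b"kernel-with-integrity-enforcement", "")
    boot = ("bootloader", b"bootloader-v1", measure(kernel[1], kernel[2]))
    rom_digest = measure(boot[1], boot[2])   # assumed fixed in ROM, not in flash

    evil_kernel = ("kernel", b"unlocked-kernel", "")
    evil_boot = ("bootloader", boot[1], measure(evil_kernel[1], evil_kernel[2]))

    # Constructed metadata; the key is assumed unavailable to someone editing flash offline.
    key = b"constructed-device-key"
    meta = {"path": "/bin/login", "mode": "0755", "uid": 0, "immutable": True}
    stored = metadata_hmac(key, meta)
    offline_edit = dict(meta, immutable=False, mode="0777")  # flag flipped in flash

    return {
        "clean": verify_boot_chain(rom_digest, [boot, kernel]),
        "kernel_swapped": verify_boot_chain(rom_digest, [boot, evil_kernel]),
        "both_swapped": verify_boot_chain(rom_digest, [evil_boot, evil_kernel]),
        "meta_intact": metadata_is_authentic(key, meta, stored),
        "meta_after_offline_edit": metadata_is_authentic(key, offline_edit, stored),
    }

if __name__ == "__main__":
    print(demo())
```

The immutable flag in this model is only a stored bit that a running kernel would honour; the keyed digest is what notices that the bit was changed while the kernel was not running.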