Re: Trusted kernel patchset for Secure Boot lockdown

From: Florian Weimer
Date: Wed Mar 19 2014 - 14:10:39 EST

Next message: Jim Davis: "randconfig build error with next-20140319, in drivers/media/i2c/s5c73m3/s5c73m3-core.c"
Previous message: Paul Gortmaker: "Re: undefined reference to `i2c_add_adapter'"
In reply to: Florian Weimer: "Re: Trusted kernel patchset for Secure Boot lockdown"
Next in thread: Kees Cook: "Re: Trusted kernel patchset for Secure Boot lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* One Thousand Gnomes:

>> For the Chrome OS use-case, it might be better described as "untrusted
>> userspace", but that seems unfriendly. :) The "trusted kernel" name
>> seems fine to me.
>
> Trusted is rather misleading. It's not trusted, it's *measured*.

I don't think anyone is doing any measurement. In particular, the
kernel does not know anything about the history of the boot process
and cannot provide any form of attestation. This is why this feature
is not very useful to end users.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jim Davis: "randconfig build error with next-20140319, in drivers/media/i2c/s5c73m3/s5c73m3-core.c"
Previous message: Paul Gortmaker: "Re: undefined reference to `i2c_add_adapter'"
In reply to: Florian Weimer: "Re: Trusted kernel patchset for Secure Boot lockdown"
Next in thread: Kees Cook: "Re: Trusted kernel patchset for Secure Boot lockdown"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]