Re: Trusted kernel patchset

From: David Lang
Date: Mon Mar 16 2015 - 16:36:19 EST

Next message: George Joseph: "[PATCH] dts: cubox: Map gpio-keys and pps-gpio to gpio3 8"
Previous message: Liang, Kan: "RE: [PATCH 1/1] perf, tool: partial callgrap and time support in perf record"
In reply to: One Thousand Gnomes: "Re: Trusted kernel patchset"
Next in thread: One Thousand Gnomes: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 16 Mar 2015, Matthew Garrett wrote:

On Mon, 2015-03-16 at 14:45 +0000, One Thousand Gnomes wrote:

On Fri, 13 Mar 2015 11:38:16 -1000
Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:

4) Used the word "measured"

Nothing is being measured.

Nothing is being trusted either. It's simple ensuring you probably have
the same holes as before.

Also the boot loader should be measuring the kernel before it runs it,
thats how it knows the signature is correct.

That's one implementation. Another is the kernel being stored on
non-volatile media.

Anything that encourages deploying systems that can't be upgraded to fix bugs that are discovered is a problem.

This is an issue that the Internet of Things folks are just starting to notice, and it's only going to get worse before it gets better.

How do you patch bugs on your non-volitile media? What keeps that mechansim from being abused.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: George Joseph: "[PATCH] dts: cubox: Map gpio-keys and pps-gpio to gpio3 8"
Previous message: Liang, Kan: "RE: [PATCH 1/1] perf, tool: partial callgrap and time support in perf record"
In reply to: One Thousand Gnomes: "Re: Trusted kernel patchset"
Next in thread: One Thousand Gnomes: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]