Early boot, activation, upgrades

C. Scott Ananian cscott at cscott.net
Tue Jul 10 17:54:09 EDT 2007


Clearly we have to hash & check an unknown kernel given to us on a USB
drive (say), but is checking the authenticity of the kernel on our
flash actually buying us any security?  It's much easier to 0wn the
system by altering the root fs than by backdooring the kernel.
Protecting the root fs by extension protects the kernel images.
Unless we're actually going to do a full cryptographic authentication
of the entire FS image at every boot, the kernel checking is just
security theater.

On the other hand, if we are to boot from an external USB device, we
*definitely* need to require an initramfs.  We should authenticate the
kernel and the initramfs, and then the initramfs must authenticate the
rest of the filesystem before allowing boot.

I may be missing an essential threat here.  Discussion wanted.
 --scott

-- 
                         ( http://cscott.net/ )
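The chain the post describes (firmware authenticates kernel and initramfs, the verified initramfs then authenticates the root fs before boot continues), modelled as an added example that is not part of the original message or of any OLPC code. Assumptions: the three images are constructed byte strings, and pinned SHA-256 digests stand in for the signature checks a real firmware would perform against a burned-in public key.

```python
import hashlib
import hmac


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the images on flash (not real OLPC images).
KERNEL = b"constructed kernel image v1"
ROOTFS = b"constructed root filesystem image v1"
# The initramfs carries the digest of the root fs it is willing to boot, so
# authenticating the initramfs also authenticates that expectation.
INITRAMFS = b"constructed initramfs v1\nrootfs_sha256=" + sha256(ROOTFS).encode()

# Trust anchor held by the firmware. Assumption: a pinned digest models the
# signature check a real boot loader would do against its public key.
FIRMWARE_TRUSTED = {"kernel": sha256(KERNEL), "initramfs": sha256(INITRAMFS)}


def digest_matches(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(sha256(data), expected)


def expected_rootfs_digest(initramfs: bytes) -> str:
    """Read the root-fs digest out of an already-verified initramfs image."""
    for line in initramfs.decode().splitlines():
        if line.startswith("rootfs_sha256="):
            return line.split("=", 1)[1]
    raise ValueError("initramfs carries no rootfs digest")


def kernel_only_check(kernel: bytes, initramfs: bytes, rootfs: bytes) -> bool:
    """The 'security theater' variant: the root fs is never examined."""
    return digest_matches(kernel, FIRMWARE_TRUSTED["kernel"])


def chained_boot_check(kernel: bytes, initramfs: bytes, rootfs: bytes) -> bool:
    """Full chain: firmware verifies kernel and initramfs, initramfs verifies rootfs."""
    if not digest_matches(kernel, FIRMWARE_TRUSTED["kernel"]):
        return False
    if not digest_matches(initramfs, FIRMWARE_TRUSTED["initramfs"]):
        return False
    # Only now is the embedded root-fs digest trustworthy.
    return digest_matches(rootfs, expected_rootfs_digest(initramfs))


def demo() -> dict:
    tampered_rootfs = ROOTFS + b"\n# altered by an attacker"  # constructed tampering
    return {
        "kernel_only_accepts_tampered_rootfs": kernel_only_check(KERNEL, INITRAMFS, tampered_rootfs),
        "chain_rejects_tampered_rootfs": not chained_boot_check(KERNEL, INITRAMFS, tampered_rootfs),
        "chain_accepts_genuine": chained_boot_check(KERNEL, INITRAMFS, ROOTFS),
    }
```

Swapping in a genuine initramfs that names a different root fs digest fails at the initramfs step, which is the property that makes the chain hold.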