Early boot, activation, upgrades
C. Scott Ananian
cscott at cscott.net
Sat Jul 14 09:07:53 EDT 2007
On 7/14/07, Ivan Krstić <krstic at solarsail.hcs.harvard.edu> wrote:
> On Jul 10, 2007, at 5:54 PM, C. Scott Ananian wrote:
> > Unless we're actually going to do a full cryptographic authentication
> > of the entire FS image at every boot, the kernel checking is just
> > security theater.
> I missed this message when originally following the thread. This is
> incorrect. Verifying the integrity of the kernel and the initramfs is
> necessary and sufficient for guaranteeing that the anti-theft daemon
> gets started in a container that cannot be killed. Making theft non-
> trivial is the entire point behind the crypto dance; if that is met,
> we don't care whether the rest of the FS is modified.
This seems to imply a much beefier initramfs than is currently the
case, and one that is invoked on every boot.
( http://cscott.net/ )
More information about the Devel