Bitfrost and dual-boot
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Thu May 29 16:35:14 EDT 2008
2008/5/29 <david at lang.hm>:
> On Thu, 29 May 2008, Jameson "Chema" Quinn wrote:
>> I just had an IRC conversation with Benjamin Schwarz in which we talked
>> He said that 3,4, and 5 have been considered more serious than 1 and 2;
>> since they are impossible, there is little point doing 1 and 2. I
>> There is no way with current hardware to write-protect the NAND storage,
>> not too much space (<<512K) in the firmware storage. However, it would be
>> possible to hash NAND or some subset thereof, and complain loudly on boot
>> it changed.
> not really, you would have to hash NAND on every shutdown. remember
> everything you do is in the journal on NAND, and any change (including
> things like a file timestamp, including atime) will invalidate your hash.
> David Lang
The idea would be to have a separate read-only volume on NAND, which
included everything executable as root (in other words, 90-100% of glucose
and ribose; the kernel, though, is already signed, so could be elsewhere).
Mounting this ro would prevent silly atime breakage, and there could be
strong protections to prevent anything NOT on this volume from being
considered "executable" by root. (Of course, this is not the whole story, as
there are uncountable ways for non-"executable" stuff to compromise
security; but it is a start. It would break any rpm's that only know how to
run as root - but these are broken anyway.)
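
A file-level variant of the hash-and-complain-on-boot idea discussed in this thread, as an added example that is not part of the original post or of any OLPC code: it digests the paths, mode bits and contents of a tree while ignoring timestamps, so an atime update leaves the digest unchanged and a modified executable does not. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def tree_digest(root):
    """SHA-256 over relative paths, mode bits and contents; timestamps are excluded."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # do not follow symlinks
            rel = os.path.relpath(path, root).encode()
            h.update(len(rel).to_bytes(4, "big") + rel)
            h.update(st.st_mode.to_bytes(4, "big"))  # file type + permission bits
            if stat.S_ISLNK(st.st_mode):
                data = os.readlink(path).encode()
            elif stat.S_ISREG(st.st_mode):
                with open(path, "rb") as f:
                    data = f.read()
            else:
                data = b""  # directories and special files: path and mode only
            h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def check_at_boot(root, expected):
    """Return True if the tree still matches the recorded digest."""
    return tree_digest(root) == expected


def demo():
    """Constructed sample tree; returns (ok_after_timestamp_change, ok_after_tamper)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        tool = os.path.join(root, "bin", "tool")
        with open(tool, "wb") as f:
            f.write(b"#!/bin/sh\necho ok\n")
        os.chmod(tool, 0o755)
        expected = tree_digest(root)
        os.utime(tool, (0, 0))  # timestamp-only change (atime and mtime)
        ok_times = check_at_boot(root, expected)
        with open(tool, "ab") as f:  # content change to an executable
            f.write(b"echo extra\n")
        ok_tamper = check_at_boot(root, expected)
        return ok_times, ok_tamper


if __name__ == "__main__":
    print(demo())
```
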