Ineffective as a DRM / other checking component
Posted Apr 3, 2007 14:39 UTC (Tue) by droundy
In reply to: Ineffective as a DRM / other checking component
Parent article: Integrity management in the kernel
It isn't intended to protect against vulnerabilities in the kernel (as I read the description), but rather to protect against offline compromise, as described in the article. This is a real protection, albeit not against the most common threat.
Of course, you might be able to achieve the same safety using BIOS settings that require a password to modify those settings themselves and disable booting from external media, and you lock the box itself with an alarm system (to keep bad guys from removing the hard disk and sticking it in another computer to modify its contents). But that seems a bit more complicated, to me, than just having a chip on the motherboard that stores checksums.