Ineffective as a DRM / other checking component
Posted Apr 6, 2007 3:12 UTC (Fri) by pimlott
In reply to: Ineffective as a DRM / other checking component
Parent article: Integrity management in the kernel
It isn't intended to protect against vulnerabilities in the kernel (as I read the description), but rather to protect against offline compromise
Then there's no point in verifying checksums except at start-up. The code to do so can either go in the firmware/BIOS, or run in the kernel on boot. The on-line checks may be valuable for detecting errors, but not attacks.
to post comments)