Ineffective as a DRM / other checking component

Posted Apr 6, 2007 3:12 UTC (Fri) by pimlott (subscriber, #1535)
In reply to: Ineffective as a DRM / other checking component by droundy
Parent article: Integrity management in the kernel

It isn't intended to protect against vulnerabilities in the kernel (as I read the description), but rather to protect against offline compromise

Then there's no point in verifying checksums except at start-up. The code to do so can either go in the firmware/BIOS, or run in the kernel on boot. The on-line checks may be valuable for detecting errors, but not attacks.



Ineffective as a DRM / other checking component

Posted Apr 11, 2007 18:01 UTC (Wed) by droundy (subscriber, #4559)

Except that it'd be horrifically expensive to checksum the entire system at startup. It looks like this approach would allow a trusted startup without having to check everything.

Ineffective as a DRM / other checking component

Posted Apr 11, 2007 18:19 UTC (Wed) by pimlott (subscriber, #1535)

Hmm, good point. Lazy evaluation strikes again.
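
The trade-off this thread arrives at, as an added example that is not part of the original comments or of the kernel patch under discussion: a user-space Python model that compares hashing every file at start-up with checking each file on first use. The names `LazyVerifier` and `demo`, the sample files and the manifest (assumed to have been recorded while the system was trusted) are all constructed for illustration.

```python
import hashlib, os, tempfile

class IntegrityError(Exception):
    pass

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class LazyVerifier:
    """Checks a file against a trusted manifest on first use, once per 'boot'."""
    def __init__(self, manifest):
        self.manifest = manifest    # path -> expected SHA-256 (assumed trusted)
        self.verified = set()       # in memory only, so it is empty after a reboot
        self.hashes_computed = 0

    def read(self, path):
        # A kernel would drop the cached verdict when the file is written;
        # this model assumes files only change while the system is offline.
        if path not in self.verified:
            self.hashes_computed += 1
            if sha256_file(path) != self.manifest.get(path):
                raise IntegrityError(path)
            self.verified.add(path)
        with open(path, "rb") as f:
            return f.read()

def demo(n_files=5):
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, f"bin{i}") for i in range(n_files)]
        for i, p in enumerate(paths):
            with open(p, "wb") as f:
                f.write(f"program {i}".encode())
        manifest = {p: sha256_file(p) for p in paths}   # recorded while trusted
        with open(paths[3], "ab") as f:                  # constructed offline change
            f.write(b"tampered")
        eager_cost = len(manifest)   # a start-up scan hashes every entry
        v = LazyVerifier(manifest)
        v.read(paths[0]); v.read(paths[0]); v.read(paths[1])
        try:
            v.read(paths[3])
            detected = False
        except IntegrityError:
            detected = True
        return eager_cost, v.hashes_computed, detected
```

Files that are never opened are never hashed, so a modified file goes unnoticed only for as long as nothing uses it.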

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.