|
Ineffective as a DRM / other checking componentIneffective as a DRM / other checking componentPosted Apr 6, 2007 3:12 UTC (Fri) by pimlott (subscriber, #1535)In reply to: Ineffective as a DRM / other checking component by droundy Parent article: Integrity management in the kernel
It isn't intended to protect against vulnerabilities in the kernel (as I read the description), but rather to protect against offline compromiseThen there's no point in verifying checksums except at start-up. The code to do so can either go in the firmware/BIOS, or run in the kernel on boot. The on-line checks may be valuable for detecting errors, but not attacks.
(Log in to post comments)
Ineffective as a DRM / other checking component Posted Apr 11, 2007 18:01 UTC (Wed) by droundy (subscriber, #4559) [Link] Except that it'd be horrifically expensive to checksum the entire system at startup. It looks like this approach would allow a trusted startup without having to check everything.
Ineffective as a DRM / other checking component Posted Apr 11, 2007 18:19 UTC (Wed) by pimlott (subscriber, #1535) [Link] Hmm, good point. Lazy evaluation strikes again.
|
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.