Posted Sep 22, 2011 16:02 UTC (Thu) by felixfix (subscriber, #242)
Parent article: dm-verity
I am probably especially dense this morning, and had some trouble understanding dm-verity in detail; seems like a fancy way to verify some blocks on the disk. There has been some kind of splicing mechanism in kernels for a while, useful for upgrading a running kernel without reboot. Even if the disk kernel is verified, if it includes splicing, couldn't a splice be executed after dm-verity has said OK?
If the only use for this is embedded systems which only upgrade on command from the mother ship, that's one thing. But if Netflix has any interest in streaming movies to bog-standard PCs running Linux, I wonder how long before a splice starts circulating to disable DRM after dm-verity has been run. I suppose the truth is that there are probably a zillion ways to defeat DRM on a standard Linux PC, so splicing wouldn't be necessary.