User: Password:
Subscribe / Log in / New account

Doesn't do so much for remote verification

Doesn't do so much for remote verification

Posted May 28, 2005 19:09 UTC (Sat) by Ross (guest, #4065)
In reply to: Doesn't do so much for remote verification by stephen_pollei
Parent article: The Integrity Measurement Architecture

However they can't protect against an untrusted system feeding the hardware
the checksums that would exist, in the correct order, on a trusted system.
The untrusted system simply lies to itself. Unless this hardware actually
scanned through all of RAM I don't see how it could avoid this -- it relies
on something external to perform the checksums.

Thus the remote attestation feature can only be trusted when the system is
not compromized before running the trusted IMA module, which is a severe
limitation when you are talking about systems that people have physical
access to.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds