Clearly we have to hash & check an unknown kernel given to us on a USB drive (say), but is checking the authenticity of the kernel on our flash actually buying us any security? It's much easier to 0wn the system by altering the root fs than by backdooring the kernel. Protecting the root fs by extension protects the kernel images. Unless we're actually going to do a full cryptographic authentication of the entire FS image at every boot, the kernel checking is just security theater.
On the other hand, if we are to boot from an external USB device, we *definitely* need to require an initramfs. We should authenticate the kernel and the initramfs, and then the initramfs must authenticate the rest of the filesystem before allowing boot. I may be missing an essential threat here. Discussion wanted.
--scott
-- ( http://cscott.net/ )
_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
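The two-stage chain the post argues for (firmware authenticates kernel plus initramfs, then the initramfs authenticates the root fs before handing over control), as an added toy example that is not part of the thread or of any OLPC firmware. It assumes a firmware-held anchor of SHA-256 digests standing in for a signature checked against a baked-in public key, and a hypothetical initramfs format that embeds a JSON manifest of root-fs file digests; all images and files are constructed in-memory byte strings. The `demo()` walk-through also shows the "security theater" case from the first paragraph: with only the kernel checked, an altered root fs boots untouched.

```python
"""Added example (not from the OLPC devel thread): a toy verified-boot chain.

Stage 1 (firmware): compare kernel and initramfs against a trusted anchor.
Stage 2 (initramfs): compare every root-fs file against a manifest that is
itself inside the initramfs, so stage 1 already authenticated it.
Everything here is constructed sample data, not real OLPC artifacts.
"""
import hashlib
import hmac
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_initramfs(rootfs: dict) -> bytes:
    """Pack a manifest of root-fs digests into the initramfs image (hypothetical
    format: a one-line header followed by JSON)."""
    manifest = {path: sha256(content) for path, content in sorted(rootfs.items())}
    return b"INITRAMFS\n" + json.dumps(manifest, sort_keys=True).encode()


def make_anchor(kernel: bytes, initramfs: bytes) -> dict:
    """What firmware trusts. In a real system this is a signature verified with a
    public key baked into the firmware; digests are used here as a stand-in."""
    return {"kernel": sha256(kernel), "initramfs": sha256(initramfs)}


def firmware_stage(anchor: dict, kernel: bytes, initramfs: bytes) -> bool:
    """Stage 1: refuse to run anything whose digest is not in the anchor."""
    ok_kernel = hmac.compare_digest(anchor["kernel"], sha256(kernel))
    ok_initramfs = hmac.compare_digest(anchor["initramfs"], sha256(initramfs))
    return ok_kernel and ok_initramfs


def initramfs_stage(initramfs: bytes, rootfs: dict) -> list:
    """Stage 2: return the paths that fail verification (empty list = may boot).
    Files on disk that the manifest does not list are reported as well."""
    header, _, body = initramfs.partition(b"\n")
    if header != b"INITRAMFS":
        raise ValueError("bad initramfs image")
    manifest = json.loads(body)
    bad = []
    for path, expected in manifest.items():
        if path not in rootfs or not hmac.compare_digest(expected, sha256(rootfs[path])):
            bad.append(path)
    bad.extend(sorted(set(rootfs) - set(manifest)))
    return bad


def boot(anchor: dict, kernel: bytes, initramfs: bytes, rootfs: dict,
         check_rootfs: bool = True) -> str:
    """Run both stages; check_rootfs=False models 'kernel check only'."""
    if not firmware_stage(anchor, kernel, initramfs):
        return "refused: kernel/initramfs mismatch"
    if check_rootfs and initramfs_stage(initramfs, rootfs):
        return "refused: root fs mismatch"
    return "booted"


def demo() -> dict:
    """Walk through the cases discussed in the post; returns the outcome per case."""
    kernel = b"vmlinuz-constructed-sample"
    rootfs = {
        "/sbin/init": b"#!/bin/sh\nexec /bin/login\n",
        "/etc/passwd": b"root:x:0:0::/:/bin/sh\n",
    }
    initramfs = build_initramfs(rootfs)
    anchor = make_anchor(kernel, initramfs)
    altered = {**rootfs, "/sbin/init": b"#!/bin/sh\nexec /bin/login-altered\n"}

    results = {}
    results["clean"] = boot(anchor, kernel, initramfs, rootfs)
    results["tampered_kernel"] = boot(anchor, kernel + b"\x00", initramfs, rootfs)
    # Kernel-only checking: the altered root fs boots anyway (the 'security theater' point).
    results["tampered_rootfs_kernel_only"] = boot(anchor, kernel, initramfs, altered,
                                                  check_rootfs=False)
    results["tampered_rootfs_full"] = boot(anchor, kernel, initramfs, altered)
    # A manifest regenerated to match the altered fs changes the initramfs digest,
    # so stage 1 rejects it before stage 2 ever runs.
    results["regenerated_manifest"] = boot(anchor, kernel, build_initramfs(altered), altered)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:32s} {outcome}")
```

The design point is that the manifest lives inside the object stage 1 already authenticated, so it cannot be swapped independently of the initramfs; and that stage 2 must run before control is handed over, otherwise the whole chain collapses to the kernel-only check the first paragraph calls theater. A real implementation would replace the digest anchor with a signature over the kernel and initramfs and would verify the root fs via a signed hash tree rather than re-hashing every file at each boot.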