I should have been more precise. It is not the constructor that enables any of this. It is the use of opaque storage.
shap

On Fri, 2006-05-19 at 12:12 -0400, Jonathan S. Shapiro wrote:
> On Fri, 2006-05-19 at 14:21 +0200, Pierre THIERRY wrote:
> > Scribit Bas Wijnen dies 19/05/2006 hora 11:34:
> > > Currently, I am root on my computer. There is no way you can let me
> > > run a program on a GNU/Linux machine where I am root without allowing
> > > me to see the binary.
> >
> > Would that be different when you are the owner on the constructor-based
> > system? I don't think so.
>
> Yes. It would be different. In the absence of a TPM chip, the system can
> be constructed in such a way that disk forensics (or more simply:
> examination of the installation CD) is required. In the *presence* of a
> TPM chip, inspection can be prohibited.
>
> In practice, inspection of the code and initial data probably isn't a
> critical issue, and I think that allowing it in general poses no great
> difficulties.
>
> The complicated issue is inspection of runtime state, which definitely
> *can* be prevented in a constructor system, with or without the TPM
> chip.
>
> All of this assumes no bus probes.
>
> shap
>
> _______________________________________________
> L4-hurd mailing list
> [email protected]
> http://lists.gnu.org/mailman/listinfo/l4-hurd
