Fair point! It would make it more complicated for an adversary, but not impossible.
On 21 June 2016 at 10:36, ludovic coues <cou...@gmail.com> wrote: > 2016-06-21 9:27 GMT+02:00 Theodoros <theodoro...@gmail.com>: >> Well TPM is a closed hardware-bound system that does this before boot >> (as far as I know). I was asking more for an open (software) system >> for doing so post-boot. >> > > sha512 /boot > > If you do it post-boot, your screwed. If attacker can alter your > bootloader, altering you program checking the bootloader is easy. > > > > > -- > > Cordialement, Coues Ludovic > +336 148 743 42
