On Wed, Mar 20, 2013 at 08:00:03AM +, James Bottomley wrote:
> I agree with this. But I do think the volatile secret key scheme, where
> you discard the key immediately after use is the more secure one because
> it relies on fewer secrets (and, indeed, no secrets at all after the
> event). I
On 03/18/2013 08:40 AM, James Bottomley wrote:
> From: James Bottomley
>
> The object here is to make the NV+BS variables accessible (at least read only)
> at runtime so we can get a full picture of the state of the EFI variables for
> debugging and secure boot purposes.
This should definitely b
On Tue, 2013-03-19 at 23:17 +, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 11:00:31PM +, James Bottomley wrote:
> > On Tue, 2013-03-19 at 18:50 +, Matthew Garrett wrote:
> > > Well, that somewhat complicates implementation - we'd be encrypting the
> > > entire contents of memory e
On Tue, Mar 19, 2013 at 11:00:31PM +, James Bottomley wrote:
> On Tue, 2013-03-19 at 18:50 +, Matthew Garrett wrote:
> > Well, that somewhat complicates implementation - we'd be encrypting the
> > entire contents of memory except for the key that we're using to encrypt
> > memory. Keeping
On Tue, 2013-03-19 at 18:50 +, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 06:40:56PM +, James Bottomley wrote:
> > On Tue, 2013-03-19 at 18:28 +, Matthew Garrett wrote:
> > > It requires the key to survive the system being entirely powered down,
> > > which means it needs to be B
On Tue, Mar 19, 2013 at 06:40:56PM +, James Bottomley wrote:
> On Tue, 2013-03-19 at 18:28 +, Matthew Garrett wrote:
> > It requires the key to survive the system being entirely powered down,
> > which means it needs to be BS+NV. It shouldn't be possible for userspace
> > to access this k
On Tue, 2013-03-19 at 18:28 +, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 06:23:31PM +, James Bottomley wrote:
>
> > The scheme we discussed, unless something radically changed, was to
> > convey a temporary key pair via a mechanism to later verify the
> > hibernate kernel on a resum
On Tue, Mar 19, 2013 at 06:23:31PM +, James Bottomley wrote:
> The scheme we discussed, unless something radically changed, was to
> convey a temporary key pair via a mechanism to later verify the
> hibernate kernel on a resume. That only requires reboot safe knowledge
> of the public key. T
On Tue, 2013-03-19 at 17:25 +, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 05:17:27PM +, James Bottomley wrote:
> > On Tue, 2013-03-19 at 16:35 +, Matthew Garrett wrote:
> > > On Tue, Mar 19, 2013 at 08:14:45AM +, James Bottomley wrote:
> > >
> > > > Any security assumptions t
On Tue, Mar 19, 2013 at 05:17:27PM +, James Bottomley wrote:
> On Tue, 2013-03-19 at 16:35 +, Matthew Garrett wrote:
> > On Tue, Mar 19, 2013 at 08:14:45AM +, James Bottomley wrote:
> >
> > > Any security assumptions that rely on inability to read certain
> > > information aren't reall
On Tue, 2013-03-19 at 16:35 +, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 08:14:45AM +, James Bottomley wrote:
>
> > Any security assumptions that rely on inability to read certain
> > information aren't really going to be that secure. Inability to modify,
> > sure, but inability to
On Tue, Mar 19, 2013 at 08:14:45AM +, James Bottomley wrote:
> Any security assumptions that rely on inability to read certain
> information aren't really going to be that secure. Inability to modify,
> sure, but inability to read, not really.
Well, I guess that's public/private key cryptogr
On Tue, 2013-03-19 at 01:48 +, Matthew Garrett wrote:
> On Mon, Mar 18, 2013 at 08:40:14AM +, James Bottomley wrote:
>
> > The object here is to make the NV+BS variables accessible (at least read
> > only)
> > at runtime so we can get a full picture of the state of the EFI variables
> >
On Mon, Mar 18, 2013 at 08:40:14AM +, James Bottomley wrote:
> The object here is to make the NV+BS variables accessible (at least read only)
> at runtime so we can get a full picture of the state of the EFI variables for
> debugging and secure boot purposes.
I'd really prefer not to do this
From: James Bottomley
The object here is to make the NV+BS variables accessible (at least read only)
at runtime so we can get a full picture of the state of the EFI variables for
debugging and secure boot purposes.
The way this is done is to get the efi stub to pull all the NV+BS
(i.e. variables