On Tue, Jan 21, 2020 at 09:09:16AM +0100, Petr Pisar wrote:
> On Tue, Jan 21, 2020 at 12:57:50AM +0000, Matthew Garrett wrote:
> > Any thoughts on this?
> >
> Properly measured system must measure all inputs. If you move the varying
> bits from initramfs to another file, a boot loader will have to measure that
> another file. At the end that's exactly what GRUB2 does. It measures any
> loaded file.

Yes, I wrote that code. The point of measurements is to be able to make a
policy determination. If the contents of a file aren't security relevant
then you don't care about its contents, but you do want to ensure that it
ends up in a position where it can't interfere with any other security
relevant codepath. In that scenario you want to measure the path, not the
contents (or, rather, you can measure both and the policy agent can ignore
the contents).

> In my opinion, your proposal does not solve the problem. It actually makes
> things worse because the booted code would become bigger and probably slower.

I'm not clear how that follows.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
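
The path-versus-contents distinction discussed in this message, as an added sketch that is not code from GRUB2 or from anyone in the thread: a simulated SHA-256 PCR, a boot loader that extends both a path digest and a content digest for each loaded file, and a policy agent that replays the log and checks content digests only for paths it treats as security relevant. The file paths, policy table and log layout are constructed assumptions.

```python
import hashlib
import posixpath

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM-style extend: new PCR = H(old PCR || event digest)
    return sha256(pcr + digest)

def measure_boot(files):
    """Boot loader side: extend path digest, then content digest, per file."""
    pcr, log = bytes(32), []
    for path, contents in files:
        content_digest = sha256(contents)
        pcr = extend(extend(pcr, sha256(path.encode())), content_digest)
        log.append((path, content_digest))
    return pcr, log

def appraise(quoted_pcr, log, trusted_content, ignorable_prefixes):
    """Policy agent side: replay the log, then judge each entry."""
    pcr, violations = bytes(32), []
    for path, content_digest in log:
        # Recomputing the path digest binds the logged path to the PCR value.
        pcr = extend(extend(pcr, sha256(path.encode())), content_digest)
        if path != posixpath.normpath(path):
            violations.append(f"non-canonical path: {path}")
        elif path in trusted_content:
            if content_digest != trusted_content[path]:
                violations.append(f"unexpected contents: {path}")
        elif not path.startswith(ignorable_prefixes):
            violations.append(f"unknown file outside ignorable location: {path}")
        # Otherwise only the path matters; the content digest is ignored.
    if pcr != quoted_pcr:
        return ["event log does not replay to quoted PCR"]
    return violations

# Constructed sample data (hypothetical paths and contents).
KERNEL = b"kernel image bytes"
POLICY = {"/boot/vmlinuz": sha256(KERNEL)}
IGNORABLE = ("/boot/hostconf/",)

def demo():
    good = [("/boot/vmlinuz", KERNEL), ("/boot/hostconf/net.cfg", b"host A")]
    varied = [("/boot/vmlinuz", KERNEL), ("/boot/hostconf/net.cfg", b"host B")]
    misplaced = [("/boot/vmlinuz", KERNEL), ("/boot/extra.img", b"host B")]
    return [appraise(*measure_boot(f), POLICY, IGNORABLE)
            for f in (good, varied, misplaced)]
```

The second boot differs from the first only in the contents of a file under the ignorable prefix and is accepted, while the same bytes loaded from a path outside that prefix are flagged.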