Re: Trusted kernel patchset for Secure Boot lockdown

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2014-03-14 at 13:37 -0700, David Lang wrote:
> On Fri, 14 Mar 2014, Matthew Garrett wrote:
> > As an example, imagine a platform with the bootloader and kernel on
> > read-only media. The platform can assert that the kernel is trusted even
> > if there's no measurement of the kernel.
> 
> Trusted by who?

The platform. If you don't trust the platform's ability to make that
decision then that's something that informs your own behaviour, not the
platform's.

> Alan is saying measured because then if it matches what the owner of that device 
> intends it's trusted, but just because you trust it doesn't mean that I trust 
> it, and it doesn't mean that the russian government should trust it, etc.

"Measured" has a specific meaning. If you trust a file based on its
source rather than some property of the file itself, you're not
measuring it.

-- 
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux