reposted in plain text..

On Sun, May 29, 2011 at 9:58 AM, Pavel Machek <pavel@xxxxxx> wrote:
>
> chattr already protects authenticity of my files, as do standard unix
> permissions.
>
> So... where's the difference?
>

chattr only protects against runtime attacks.
That is Access Control feature - not integrity.

> Pavel
> (*) but it does not change anything.
>
> True; determined attacker could steal my cellphone, open it up,
> desolder the flash, and change attributes of the filesystem.
>
> But... the same determined attacker can also replace
> bootloader&kernel&filesystem -- that is in the same flash! -- with
> unlocked versions. So the argumentation is the same for locked down
> phone.
>

That is completely incorrect in respect to locked/protected devices.
Chain of trust starts from ROM.
Bootloader is authenticated by the ROM and that will not allow to boot the device.
Next bootloader will authenticate the kernel and display the message
on the screen if it has been tampered.
And the next, authentic kernel will enforce filesystem integrity
protection using EVM.

The important use case is not to lock down phone against yourself, but
to protect normal users against
possibility to sell/give them devices with not authentic software
which could do different nasty things,
like stealing the data or spying.
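
The distinction argued in this message, modelled as an added sketch that is not part of the original email and is not the kernel's EVM code: an immutable flag enforced only by the running kernel, next to a keyed HMAC over the security xattrs that an offline edit of the flash cannot recompute. The dict-based inode, `DEVICE_KEY` (assumed unreadable from the flash) and the reduced set of HMAC inputs are assumptions of the sketch.

```python
import hashlib
import hmac

DEVICE_KEY = b"constructed-device-key"  # assumption: not readable from the flash
FS_IMMUTABLE_FL = 0x10                  # inode flag set by chattr +i

def content_hash(data):
    return hashlib.sha256(data).digest()

def evm_hmac(key, inode):
    """Keyed MAC over security xattrs and inode metadata (simplified)."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    for name in sorted(inode["xattrs"]):
        if name != "security.evm":
            mac.update(inode["xattrs"][name])
    for field in ("ino", "uid", "gid", "mode"):
        mac.update(inode[field].to_bytes(4, "little"))
    return mac.digest()

def seal(key, inode):
    """What the trusted, running system does when it labels a file."""
    inode["xattrs"]["security.ima"] = content_hash(inode["data"])
    inode["xattrs"]["security.evm"] = evm_hmac(key, inode)
    return inode

def runtime_write(inode, data):
    """Write through the running kernel: the immutable flag is enforced."""
    if inode["flags"] & FS_IMMUTABLE_FL:
        raise PermissionError("immutable file")
    inode["data"] = data

def offline_write(inode, data):
    """Edit of the raw flash image: no kernel, so the flag is only a bit."""
    inode["data"] = data
    inode["xattrs"]["security.ima"] = content_hash(data)  # unkeyed, can be redone

def verify(key, inode):
    """Check made at access time by a kernel that was itself authenticated."""
    x = inode["xattrs"]
    return (hmac.compare_digest(x["security.evm"], evm_hmac(key, inode))
            and hmac.compare_digest(x["security.ima"], content_hash(inode["data"])))

def sample_inode():
    # Constructed sample file, not taken from the thread.
    return seal(DEVICE_KEY, {"ino": 42, "uid": 0, "gid": 0, "mode": 0o100755,
                             "flags": FS_IMMUTABLE_FL, "xattrs": {},
                             "data": b"original binary"})
```

The check only means something if the verifying kernel is itself authentic, which is what the ROM-to-bootloader-to-kernel chain in the message provides.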