On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:

> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.

Is there a reason you're trying to do it from a driver rather than from userspace? Under what realistic conditions will the kernel be trustable to do the validation while userspace isn't?

What's the threat model here - in other words, what attack(s) are you trying to stop?

(This is a lot trickier than it looks - over the decades, I've seen plenty of "Let's do this cargo-cult thing to stop attack X", while overlooking the fact that any attacker who can do X can equally easily do Y and still pwn the entire box.....)
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies