|
Hi Folks, I am currently working in an embedded project that uses Journal for logging. The logging data shall be protected by the Journal’s sealing mechanism FSS and for various reasons the verification key is located unprotected
in memory. Regarding this constellation, my first question is that:
If an attacker knows the verification key, is he able to modify the logging data in such a way that its tempering remains undetected, even if this has happened e.g. one day ago (which means that several new sealing keys
has been generated in the meantime) ? Since sealing is always done for a time interval, my second question is that:
What will happen to the logging data and sealing mechanism when the system clock is suddenly modified? This can e.g. happen, when the board starts first with a default time value and then synchronized after a while by
a time daemon. Regards, Andreas |
Tempering the Logging Data when Knowing the Verification Key / Time Synchronization
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Tempering the Logging Data when Knowing the Verification Key / Time Synchronization
- From: Andreas Krueger <Andreas.Krueger@xxxxxxxxxx>
- Date: Mon, 11 Oct 2021 17:08:59 +0000
- Accept-language: de-DE, en-US
- Cc: Georg Brand <Georg.Brand@xxxxxxxxxx>
- Follow-Ups:
- Re: Tempering the Logging Data when Knowing the Verification Key / Time Synchronization
- From: Lennart Poettering
- Re: Tempering the Logging Data when Knowing the Verification Key / Time Synchronization
- Prev by Date: Re: dm-integrity volume with TPM key?
- Next by Date: Re: Tempering the Logging Data when Knowing the Verification Key / Time Synchronization
- Previous by thread: systemd-networkd DHCP server & DNS
- Next by thread: Re: Tempering the Logging Data when Knowing the Verification Key / Time Synchronization
- Index(es):
 |