Re: Trusted kernel patchset for Secure Boot lockdown

From: One Thousand Gnomes
Date: Fri Mar 14 2014 - 17:59:21 EST


On Fri, 14 Mar 2014 19:24:55 +0000
Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:

> On Fri, 2014-03-14 at 14:11 -0400, Matthew Garrett wrote:
>
> > The fact that you keep saying measured really does make me suspect that
> > you misunderstand the problem. There's no measurement involved, there's
> > simply an assertion that the firmware (which you're forced to trust)
> > chose, via some policy you may be unaware of, to trust the booted
> > kernel.
>
> As an example, imagine a platform with the bootloader and kernel on
> read-only media. The platform can assert that the kernel is trusted even
> if there's no measurement of the kernel.

Only if you have a secure signed path through the controller firmware and
physical security of the hardware. If not I can reprogram your BIOS, your
GPU firmware, your USB stick or your CD-ROM controller to lie.

Anything must either be measurable or tamperproof from within the system
itself (or both). So a physically write protected ROM bootloader loading
a kernel and initrd from that same physically protected ROM is secure,
but your average CD-ROM drive is not.

Alan
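The distinction in this exchange, between a firmware "assertion" that the kernel is trusted and a measurement of the bytes actually loaded, can be made concrete with a small model of a TPM-style PCR extend chain. This is an added example and not code from the thread or from any kernel patchset; the image contents, the chain order and the `boot_and_check` helper are constructed placeholders, and the model assumes the measuring agent itself is tamperproof (the ROM case Alan describes) so that it hashes exactly the bytes it hands over to execution.

```python
"""Toy model of a measured boot chain (TPM-style PCR extend) versus a bare
"trusted" assertion. Constructed example; the images are placeholder bytes,
not real firmware or kernel images."""
import hashlib

PCR_INIT = b"\x00" * 32  # a reset PCR is all zeros


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """One-way extend: PCR' = H(PCR || H(component)).

    The register can only be advanced, never set, so a later stage cannot
    rewrite the record of what booted before it."""
    return digest(pcr + measurement)


def measured_boot(loaded_images) -> bytes:
    """A tamperproof root of trust hashes each stage from the bytes it
    actually passes to execution and extends the PCR in boot order."""
    pcr = PCR_INIT
    for image in loaded_images:
        pcr = pcr_extend(pcr, digest(image))
    return pcr


def asserted_boot(firmware_policy_ok: bool) -> bool:
    """Assertion-only model: the firmware reports a bit chosen by its own
    policy. Nothing ties that bit to the bytes that were loaded."""
    return firmware_policy_ok


# Constructed golden boot chain: bootloader, kernel, initrd (placeholder bytes).
GOLDEN_CHAIN = [b"bootloader-v1", b"vmlinuz-3.14", b"initrd.img"]
# Recorded when the image is built; a real deployment would seal secrets to it.
GOLDEN_PCR = measured_boot(GOLDEN_CHAIN)


def boot_and_check(delivered_images, firmware_policy_ok: bool = True):
    """Return (assertion, measurement_matches).

    delivered_images is whatever the storage controller returns; that is all
    the host ever sees, so a reprogrammed controller can substitute any of
    them without the firmware's assertion changing."""
    assertion = asserted_boot(firmware_policy_ok)
    matches = measured_boot(delivered_images) == GOLDEN_PCR
    return assertion, matches


if __name__ == "__main__":
    # Honest media: assertion true, measurement matches.
    print(boot_and_check(GOLDEN_CHAIN))
    # A reprogrammed CD-ROM controller substitutes the kernel: the firmware's
    # assertion is unchanged, but the PCR no longer matches the golden value.
    tampered = [b"bootloader-v1", b"vmlinuz-3.14-evil", b"initrd.img"]
    print(boot_and_check(tampered))
```

The assertion bit comes out the same in both runs because it never depended on the media; only the measurement notices the swapped kernel. The caveat is the one the reply already makes: the measurement is only worth anything if the code doing the measuring cannot itself be reprogrammed, which is why a physically write-protected ROM loading from the same ROM is in a different class from a drive whose controller firmware is writable.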