On Thu, Apr 17, 2003 at 10:59:07AM -0400, Adam Agnew wrote:
> A lot of things like that in the description weren't implemented by choice. All we've done is to check elf image signatures so far. I think you'd agree that's the only part that was really necessary towards getting an operating system up in a trusted state. As long as you confine execution to elf images, you can continue to chain along. As far as etherboot goes, same rules. No need to worry about individual packets. I'm just going to check the signature once it all arrives anyway.
I may be missing something (please tell me!) but is there any real point in checking signatures when the checking and the public key isn't done in hardware, like in the X-Box?
If the OS allows a complete write of the memory area where data, signatures or public keys are stored, this allows the administrator to distribute updated versions of the code using only software. It will allow the hacker to do the exact same thing, however.
If the OS doesn't allow a complete write of that memory, no automated low-level firmware updates will be possible either, for root or r00t.
How does it become secure? (Yeah, I should read the patent. Will it answer the question?)
//Peter