On Wed, Oct 22, 2003 at 08:25:28AM -0700, Alan Mimms wrote:
One thing that encryption in the bootstrap CAN do is prevent Trojan attacks against the kernel image. If attackers can't find out what the encryption key is, they can't create a substitute Trojan kernel. It plugs a hole.
That is authorization rather than encryption. For this purpose, public key cryptography is used, so you don't have to have the secret key in the ROM. And the entire image is not encrypted for this purpose, because it needs lots of CPU power. Usually only a 128- or 160-bit hash is encrypted.
This is much like the Xbox. But the one who has the secret key is the system admin, not Microsoft.
IMHO the system is already so badly broken when an attacker can replace the boot image. But maybe some real use exists.
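
The scheme described in this message, as an added example that is not part of the original post: the ROM holds only a public key, the admin signs a hash of the kernel image offline, and the bootstrap recomputes the hash and checks the signature. Assumptions: RSA with PKCS#1 v1.5 encoding, SHA-256 standing in for the 128- or 160-bit hash mentioned above, a constructed and deliberately weak demo key, and hypothetical function names.

```python
import hashlib

# Constructed demo key built from two Mersenne primes: trivially factorable,
# chosen only so the example runs offline with the standard library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public half: the only key material in ROM
D = pow(E, -1, (P - 1) * (Q - 1))    # private half: stays with the system admin
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# DER prefix of the DigestInfo structure for SHA-256 (PKCS#1 v1.5).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(image: bytes) -> bytes:
    """Hash the whole image, then pad the hash to the modulus length."""
    t = SHA256_DIGESTINFO + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def admin_sign(image: bytes) -> bytes:
    """Admin side, off the device: one private-key operation on the hash."""
    m = int.from_bytes(encode(image), "big")
    return pow(m, D, N).to_bytes(K, "big")

def rom_verify(image: bytes, signature: bytes) -> bool:
    """Bootstrap side: needs only (N, E); refuses anything that does not match."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    # Rebuild the expected block and compare it whole instead of parsing the
    # recovered padding, so malformed padding can never be accepted.
    return pow(s, E, N).to_bytes(K, "big") == encode(image)

def demo() -> dict:
    kernel = b"constructed kernel image" * 1000   # constructed sample input
    trojan = kernel[:-1] + b"X"                    # one byte changed
    sig = admin_sign(kernel)
    return {
        "genuine": rom_verify(kernel, sig),
        "trojan": rom_verify(trojan, sig),
        "sig_len": len(sig),
    }

if __name__ == "__main__":
    print(demo())
```

The image itself is never encrypted: the only public-key operation at boot is one modular exponentiation over a fixed-size block, which is the cost saving the message refers to.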