Random comments on LinuxBIOS
Eric W. Biederman
ebiederman at lnxi.com
Thu Apr 17 11:11:00 CEST 2003
Adam Agnew <agnew at cs.umd.edu> writes:
> A lot of things like that in the description weren't implemented by
> choice. All we've done is to check elf image signatures so far. I think
> you'd agree that's the only part that was really necessary towards
> getting an operating system up in a trusted state. As long as you
> confine execution to elf images, you can continue to chain along.. As far
> as etherboot goes, same rules. No need to worry about individual packets.
> I'm just going to check the signature once it all arrives anyway.
Ok interesting. The implemented code base is quite different from
the description in the patent :)
In the etherboot case there is a bit of vulnerability with respect
to replay attacks where an attacker could trick the software into
loading an old but buggy but previously signed image.
> > And the description does not address when the system has exploitable
> > bugs. In particular systems like the X-box can be compromised with buffer
> > overflows and other standard security holes, allowing an untrusted
> > application to gain special privileges on the machine.
> Right, we trust that the components are signed and therefore an authority
> intended to grant the component permission to run on the machine. It does
> not mean that we trust the new component not to break the chain of trust,
> or be bug ridden. Why, we even thought about "trusting" certain closed
> operating systems!
Yep, my main goal here was to understand the limitations. A lot of
the noise you hear from other systems talking about trusted booting
seems to promise the world.
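The replay concern raised above (a validly signed but old, buggy image being accepted) is illustrated by the following added example, which is not part of the thread or of the LinuxBIOS/etherboot code. It pairs a whole-image signature check with an anti-rollback version floor; HMAC-SHA256 with a constructed key stands in for the asymmetric signature a real loader would verify against an embedded public key.

```python
import hmac
import hashlib
import struct

# Constructed demo key. Real firmware verifies an asymmetric signature with an
# embedded public key; HMAC stands in here so the example runs offline.
DEMO_KEY = b"demo-signing-key-not-real"
TAG_LEN = 32

def sign_image(payload: bytes, version: int) -> bytes:
    """Build a signed blob: 4-byte big-endian version || payload || 32-byte tag."""
    body = struct.pack(">I", version) + payload
    tag = hmac.new(DEMO_KEY, body, hashlib.sha256).digest()
    return body + tag

def verify_signature(blob: bytes) -> tuple[bool, int, bytes]:
    """Check the tag over the complete image; return (ok, version, payload)."""
    if len(blob) < 4 + TAG_LEN:
        return False, 0, b""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(DEMO_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return False, 0, b""
    (version,) = struct.unpack(">I", body[:4])
    return True, version, body[4:]

class BootPolicy:
    """Signature check plus a version floor so an older signed image is refused."""

    def __init__(self, min_version: int = 0):
        # In a real loader this floor would live in NVRAM or a monotonic counter.
        self.min_version = min_version

    def accept(self, blob: bytes) -> str:
        ok, version, _payload = verify_signature(blob)
        if not ok:
            return "reject: bad signature"
        if version < self.min_version:
            return f"reject: rollback (v{version} < floor v{self.min_version})"
        self.min_version = version   # ratchet forward; never lowered
        return f"accept: v{version}"
```

The signature check alone would pass the old image; only the version floor distinguishes a replayed signed image from a current one.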