On Fri, 3 Sep 2004 03:07, Linas Vepstas <linas(a)austin.ibm.com> wrote:
> Well, here's another idle question, again off-topic: Does SELinux
> any sort of assurances that storage media weren't tampered with between
No, that is outside the scope of the SE Linux project.
I am one of the many people in Red Hat who are involved in working on crypto
block device support. One of my own systems has a root file system that is
AES encrypted with the kernel and initrd (which includes the decryption key)
on removable media. Eventually I want to see this become a standard feature
of Fedora, maybe in FC4. I think it will address most of what you want in
Note that the NSA guys do not talk to me about any security stuff, so I don't
expect them to have any involvement in such things.
> For example, with BIOS/firmware getting more sophisticated over
> there's potential for an attacker to break in, remotely, into
> bios/firmware, shortly before booting into the OS, and then alter
> disk contents. Yes, I know this is far-fetched, but was just curious.
When booting from removable media that contains the decryption key the attack
scenario would be to replace the BIOS with one that sends everything it reads
from disk (i.e. everything that the boot loader reads) over an Ethernet
A trojan BIOS that modifies the kernel during the boot load process to
introduce a security hole would be doable if you have adequate resources.