UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

Przemek Klosowski przemek.klosowski at nist.gov
Tue Oct 25 16:30:16 UTC 2011


On 10/25/2011 11:30 AM, Till Maas wrote:
> On Tue, Oct 25, 2011 at 01:45:45PM +0200, Christoph Trassl wrote:
>> On 10/25/2011 09:33 AM, Michal Hlavinka wrote:
>>> On 10/25/2011 09:30 AM, Harald Hoyer wrote:
>>>> On 10/25/2011 09:15 AM, Harald Hoyer wrote:
>>>>> It's not only an aesthetic issue. This enables possibilities,
>>>>> which were not doable before.
>>> ...
>>>> - mount rootfs encrypted
>>>> - mount /usr not encrypted (no secrets here)
>>>
>>> this is already possible, I use this setup for a long time.
>>
>> Does not seem to make any sense to me, unless you verify that no one has
>> messed with your binaries/libraries in /usr.
>
> Does not seem to make any sense to me, unless you verify that no one has
> messed with your kernel/bootloader in /boot or /dev/sda.

Which in turn requires verifying that the BIOS hasn't been tampered 
with. TSA anyone?


More information about the devel mailing list