*countable infinities only
Gerry Reno
greno at verizon.net
Thu May 31 17:52:18 UTC 2012
On 05/31/2012 01:48 PM, Jon Ciesla wrote:
> On Thu, May 31, 2012 at 12:42 PM, Gerry Reno <greno at verizon.net> wrote:
>> On 05/31/2012 01:34 PM, Jon Ciesla wrote:
>>> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno <greno at verizon.net> wrote:
>>>> On 05/31/2012 01:19 PM, Jon Ciesla wrote:
>>>>> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>>> On 05/31/2012 01:10 PM, Gregory Maxwell wrote:
>>>>>>> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>>>>> Could be any of a thousand ways to implement this.
>>>>>>>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set.
>>>>>>> While it pains me to argue with someone on my side— you're incorrect.
>>>>>>> The compromised system would just intercept and emulate or patch out that test.
>>>>>> Then what's missing here is a way for booted OS's to test themselves for integrity.
>>>>> Maybe some sort of cryptographic signature stored in the hardware?
>>>>>
>>>>> <ducks>
>>>>>
>>>>> -J
>>>>>
>>>>> </sarcasm>
>>>>>
>>>> Just not dictated by one monopoly.
>>> Ideally, no. But you see the problem. I'm divided on the solution
>>> myself, but I've yet to see one I feel better about.
>>>
>>> -J
>>>
>>>
>> This game of cat and mouse with the blackhats is not going to end until we have some type of read-only partitions where
>> known good code resides.
> We have that, ISO9660. Known good == known good to whom?
>
>
Nah, can't be iso.
Has to be HDD partitions whose ro/rw state is controlled by hardware.