*countable infinities only

Gerry Reno greno at verizon.net
Thu May 31 18:08:14 UTC 2012 

On 05/31/2012 01:57 PM, Jon Ciesla wrote:
> On Thu, May 31, 2012 at 12:52 PM, Gerry Reno <greno at verizon.net> wrote:
>> On 05/31/2012 01:48 PM, Jon Ciesla wrote:
>>> On Thu, May 31, 2012 at 12:42 PM, Gerry Reno <greno at verizon.net> wrote:
>>>> On 05/31/2012 01:34 PM, Jon Ciesla wrote:
>>>>> On Thu, May 31, 2012 at 12:22 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>>> On 05/31/2012 01:19 PM, Jon Ciesla wrote:
>>>>>>> On Thu, May 31, 2012 at 12:16 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>>>>> On 05/31/2012 01:10 PM, Gregory Maxwell wrote:
>>>>>>>>> On Thu, May 31, 2012 at 1:07 PM, Gerry Reno <greno at verizon.net> wrote:
>>>>>>>>>> Could be any of a thousand ways to implement this.
>>>>>>>>>> Maybe it checks the BIOS to determine whether some SecureBoot flag is set.
>>>>>>>>> While it pains me to argue with someone on my side— you're incorrect.
>>>>>>>>> The compromised system would just intercept and emulate or patch out that test.
>>>>>>>> Then what's missing here is a way for booted OS's to test themselves for integrity.
>>>>>>> Maybe some sort of cryptographic signature stored in the hardware?
>>>>>>>
>>>>>>> <ducks>
>>>>>>>
>>>>>>> -J
>>>>>>>
>>>>>>> </sarcasm>
>>>>>>>
>>>>>> Just not dictated by one monopoly.
>>>>> Ideally, no.  But you see the problem.  I'm divided on the solution
>>>>> myself, but I've yet to see one I feel better about.
>>>>>
>>>>> -J
>>>>>
>>>>>
>>>> This game of cat and mouse with the blackhats is not going to end until we have some type of read-only partitions where
>>>> known good code resides.
>>> We have that, ISO9660.  Known good == known good to whom?
>>>
>>>
>> Nah, can't be iso.
>>
>> Has to be HDD partitions whose ro/rw state is controlled by hardware.
> Which brings us back to the issue of how the hardware knows what to
> trust for that ro/rw state.

The hardware is under control of the user.

At some point the user has to know what they consider trusted.

During installation from a known good installation source: DVD, network, whatever, the user enables the install to write
on the partition by actively pressing a hardware button that allows the write.   After the installation is finished the
user switches it back to read-only through pressing the hardware button.

The user now has a known good read-only installation to boot from.

.

More information about the devel mailing list