[Ksummit-discuss] [TOPIC] Secure/verified boot and roots of trust
Andy Lutomirski
luto at amacapital.net
Wed Aug 3 22:39:06 UTC 2016
On Aug 3, 2016 3:09 PM, "James Bottomley" <
James.Bottomley at hansenpartnership.com> wrote:
> >
> > I'm not personally too worried about verifying initramfs -- initramfs
> > is functionally equivalent to the root filesystem, and they ought to
> > be verifiable the same way.
>
> Yes, but if you worry about protecting yourself from hackers, IMA can
> verify no-one tampers with your rootfs; what verifies that no-one
> tampers with your initrd (which is a very powerful instrument to
> subvert a linux boot)?
IMA? Awhile ago I suggested adding tar parsing with xattrs to initramfs,
and I'm not sure what went wrong with that idea.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/ksummit-discuss/attachments/20160803/74877379/attachment.html>
More information about the Ksummit-discuss
mailing list