grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: help installing grub-ima


From: Andrei E. Warkentin
Subject: Re: help installing grub-ima
Date: Tue, 23 Oct 2007 16:21:59 -0500

[1] Well, assuming our hypervirus is not dumb, they would just see that your computer lacks a Treacherous Chip or is not using it, which is
    not very useful.  But of course, this has an easy solution:
- Premise: everyone who's not on TC is therefore running an hypervirus
    - Consequence: let the witch hunt begin!  :-)


...but you expect one. And refuse to boot up without one in a state you expect.

I think the SELinux people might object to that. One of the biggest
problems with security in Linux is that the Linux kernel is not and
cannot be the core root of trust, as it is by far not the first thing
running and is not located on unmodifiable medium.

How can you trust your BIOS if you can't even read its source code, let
alone verify it was built from it?


I agree. Which also, ultimately, why I think legacy BIOS is dead.

Man, those write-once read-many system-measurement registers are just
one step closer to losing the right to read, right?

It's obvious that with computers being general-purpose machines, they cannot take away basic rights. TC is specificaly designed [1] to take away these
rights and turn them into concessions.

[1] Yes, really. If you disagree, please explain why the Owner Override
    proposal (http://www.linuxjournal.com/article/7055) was rejected.


TC is a technology. Like all technology, it has both benign and malignant and antisocial usage cases. I use a kitchen knife to dice veggies for food, while a psycho might use it to stab a room of people. Does this make kitchen knives somehow less desirable within society? I don't think so. Same goes for TC.

Implementing third party access is very different from being able to perform system measurements in the first place. Given a desire to specifically combat antisocial usage scenarios of TC, there is nothing stopping someone from NOT HAVING the 3rd party inspection interfaces in the first place. Or to turn them off. This doesn't affect secure boot or the use of a TPM to ensure system integrity.

Or maybe to
actually be in control of your system from power-on to shell prompt?

Being in control is not the same as trusting someone else who claims to be.

--
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call, if you are unable to speak?
(as seen on /.)


_______________________________________________
Grub-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/grub-devel





reply via email to

[Prev in Thread] Current Thread [Next in Thread]