* intrigeri <intrig...@boum.org> wrote: > Michael Prokop wrote (24 Jan 2010 12:50:50 GMT) :
>> But if you're working in IT forensics and/or have special security >> requirements this won't be enough. Someone could prepare a device >> that fullfills the uuid requirements but provides a hacked >> filesystem which does "something you definitely don't want". ;) So >> you need additional ways to make sure you're booting the correct >> filesystem and that's what I'm currently working on. > Could you please give us some hints about the ideas you are > experimenting in this field? I guess you at least need a trusted > kernel / initrd to check the squashfs, else you end up asking a system > to verify itself, which seems to be a dead-end. Right - the kernel and the initrd are the only components you can and actually have to trust. That's why the verification has to happen in the initrd. More details available at a later stage. -mika- -- http://michael-prokop.at/ || http://adminzen.org/ http://grml-solutions.com/ || http://grml.org/ -- To UNSUBSCRIBE, email to debian-live-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
