I stand corrected; But in that case, measurement can still be implemented
at the filesystem level?
Yes it can be done. Most common way is to attach a mac to every sector
(like a signature but uncheckable without the key). One could also
implement mac on filesystems like btrfs. It doesn't solve all the
problems however. It can't be used e.g. for checking authenticity of
files received through network. IMO both approaches are important and we
should provide the basic interface for both. Then people who are
interested in implementing it can do it in a clean way which fits the
general design.
--
Regards
Vladimir 'phcoder' Serbinenko
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
