On Thursday 25 June 2009 07:22:10 Detlev Zundel wrote: > > On Wednesday 24 June 2009 12:45:38 Detlev Zundel wrote: > >> > It is secure because only authenticated code is allowed to be > >> > executed, thus another step to avoid piracy, hacking of conditional > >> > access systems etc. > >> > >> Running only authenticated code does *not* ensure security, no matter > >> how much this is wished for. > >> > >> But no matter, I now understand that "security" seems to mean "data can > >> only be handled in the way intended by the owners of the data" which is > >> a different concept to me. > > > > you ignored my simple straightforward example where both authenticity and > > security is provided. cpu only loads signed u-boot -- authenticity. > > u-boot only loads encrypted signed binaries -- security and authenticity. > > since the binaries stay inside of the CPU, for all practical (and then > > some) purposes, the decrypted binary will never be discovered from this > > system. > > Obviously we differ in what "security" means. Where I used security as > an attribute of a communications channel which seems to be a popular > interpretation in computer science, you interpret "security" to mean > "not discoverable from outside the device". The latter interpretation > is used in the DRM systems trying to rub off the good annotations of > "security" onto those systems - but still it is not synonymous to > "security" for me.
you really should use the standard terms of the trade then, otherwise you will just keep confusing people. http://en.wikipedia.org/wiki/Information_security#Basic_principles -mike
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
