Hosting Provided By

Re: full drive encryption - check /boot for manipulation

From: Florian Weimer <fw(at)deneb.enyo.de>
Date: Thu Oct 18 2007 - 17:09:21 EDT

Michael Heide:

> It simply checks the md5sum of all files in /boot and if there are new
> or vanished files. It has to be run after every kernel update,
> needless to say.

This doesn't help much against manipulation of /boot. You need some kind of trusted boot environment, as provided by one of the original TPM/TCPA proposals.

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Thu Oct 18 17:10:01 2007

This message: [ Message body ]
Next message: Michel Messerschmidt: "Re: full drive encryption - check /boot for manipulation"
Previous message: Michael Heide: "full drive encryption - check /boot for manipulation"
In reply to: Michael Heide: "full drive encryption - check /boot for manipulation"
Next in thread: Michel Messerschmidt: "Re: full drive encryption - check /boot for manipulation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:13 EDT