Kernel drivers and IOCTLs
Valdis Kl=?utf-8?Q?=c4=93?=tnieks
valdis.kletnieks at vt.edu
Tue Feb 4 23:01:03 EST 2020
On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:
> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.
Is there a reason you're trying to do it from a driver rather than from userspace?
Under what realistic conditions will the kernel be trustable to do the validation
while userspace isn't? What's the threat model here - in other words, what
attack(s) are you trying to stop? (This is a lot trickier than it looks - over the
decades, I've seen plenty of "Let's do this cargo-cult thing to stop attack X",
while overlooking the fact that any attacker who can do X can equally easily
do Y and still pwn the entire box.....)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20200204/e6b30943/attachment.sig>
More information about the Kernelnewbies
mailing list