|
From: | phcoder |
Subject: | Re: GRUB hardened boot framework |
Date: | Sat, 28 Feb 2009 00:16:42 +0100 |
User-agent: | Thunderbird 2.0.0.19 (X11/20090105) |
Yes it can be done. Most common way is to attach a mac to every sector (like a signature but uncheckable without the key). One could also implement mac on filesystems like btrfs. It doesn't solve all the problems however. It can't be used e.g. for checking authenticity of files received through network. IMO both approaches are important and we should provide the basic interface for both. Then people who are interested in implementing it can do it in a clean way which fits the general design.I stand corrected; But in that case, measurement can still be implemented at the filesystem level?
-- Regards Vladimir 'phcoder' Serbinenko
[Prev in Thread] | Current Thread | [Next in Thread] |