[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Linux DRTM on UEFI platforms
From: |
Matthew Garrett |
Subject: |
Re: Linux DRTM on UEFI platforms |
Date: |
Fri, 8 Jul 2022 05:56:38 +0100 |
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Fri, Jul 08, 2022 at 01:06:19PM +0930, Brendan Trotter wrote:
> This leaves me wondering what your true motivation is. Are you trying
> to benefit GRUB/Trenchboot (at the expense of security, end-user
> convenience, distro installer hassle, etc); or trying to manufacture
> scope for future man-in-the middle attacks (by promoting a solution
> that requires something between firmware and kernel)?
The described mechanism doesn't require trusting the code that's in the
middle - if the state is perturbed by this code, the measurements will
be different, and the system will be untrusted. I agree that this
implementation is more complicated than just leaving it all up to the
kernel, but I'm having a *lot* of trouble seeing how this has any impact
on its security. Jumping immediately to impugning the motivation of the
people involved is entirely inappropriate.