Amon Wrote:
> My concern is to get control as early as possible and then keep it until
> system is switched off.

This is still my own biggest issue. There are certain times when a system is less vulnerable (while booting before init rolls and the interfaces open up, for example.)

While absolute trust and a self-defending bootstrap sequence is desirable (and out of the scope of this discussion), getting that security module up and on guard before anything that is not absolutely necessary loads is critical. Lots of services are not available at the early points, but, those that are can be used by a smart module to help protect the rest of the boot.

Once that module's in place, I'd think it'd pretty much defend vmlinuz and /proc/kmem and anything else "hardware". If it's ultimately successful, the BIOS flash and kernel mangle become extremely unlikely, once it's awake.

Agreed: it ain't perfect, but the earlier the better.

Any thoughts on the "absolute earliest" this could be accomplished? Maybe a SecureLilo or "first thing on the agenda" for the kernel itself?

Thanks,
J. Melvin Jones

|>------------------------------------------------------
|| J. MELVIN JONES jmjonesat_private
|>------------------------------------------------------
|| Microcomputer Systems Consultant
|| Software Developer
|| Web Site Design, Hosting, and Administration
|| Network and Systems Administration
|>------------------------------------------------------
|| http://www.jmjones.com/
|>------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 13:10:21 PDT