Re: [RFC][PATCH 1/3] EVM

From: James Morris (jmorris@private)
Date: Wed Nov 16 2005 - 07:09:38 PST


On Tue, 15 Nov 2005, David Safford wrote:

> device driver, based on a trusted boot. Since the kernel master
> key is unsealed by the hardware TPM only as a result of a valid
> trusted boot, and the key is never visible outside the kernel,
> the EVM HMAC attribute cannot be forged in an offline attack.

More comments to follow, but I think this claim is confusing.

If a kernel contains a vulnerability which allows userland to arbitrarily 
access kernel memory, the HMAC could be forged later.

A "trusted" boot here only means that the kernel was not tampered with 
after installation, not that you can trust the kernel.  Verified boot is 
probably a better term.


- James
-- 
James Morris
<jmorris@private>
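
Added example (not part of the original message or of the EVM patch): a simplified Python model of the distinction drawn above, showing that the HMAC resists offline edits only while the key stays secret at runtime. HMAC-SHA256, the length-prefixed encoding, the attribute names, the key bytes and all helper names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the kernel master key the TPM unseals at boot.
KERNEL_KEY = bytes(range(32))

def attr_hmac(key, xattrs):
    """HMAC over sorted, length-prefixed name/value pairs (assumed encoding)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in sorted(xattrs):
        for field in (name.encode(), xattrs[name]):
            mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()

def verify(key, xattrs, stored):
    """Kernel-side check: recompute with the real key, compare in constant time."""
    return hmac.compare_digest(attr_hmac(key, xattrs), stored)

def run_scenarios():
    # Constructed sample attributes; the names are illustrative only.
    good = {"security.label": b"system_u:object_r:bin_t",
            "security.hash": hashlib.sha256(b"original file data").digest()}
    stored = attr_hmac(KERNEL_KEY, good)

    tampered = dict(good)
    tampered["security.hash"] = hashlib.sha256(b"modified file data").digest()

    results = {"untouched": verify(KERNEL_KEY, good, stored)}
    # Offline edit with the old HMAC left in place: detected.
    results["offline_stale_hmac"] = verify(KERNEL_KEY, tampered, stored)
    # Offline edit with the HMAC recomputed under a guessed key: detected.
    guess = attr_hmac(b"\x00" * 32, tampered)
    results["offline_guessed_key"] = verify(KERNEL_KEY, tampered, guess)
    # Key read out of a running, verified-but-vulnerable kernel: the
    # recomputed HMAC is indistinguishable from a legitimate one.
    leaked = attr_hmac(KERNEL_KEY, tampered)
    results["runtime_key_disclosed"] = verify(KERNEL_KEY, tampered, leaked)
    return results

if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:24} verifies={ok}")
```

The last case is why the guarantee is bounded by the confidentiality of kernel memory after boot, not by the boot measurement alone.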


