From: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>
To: WyoFlippa <wyoflippa@gmail.com>
Cc: kernelnewbies@kernelnewbies.org
Subject: Re: Kernel drivers and IOCTLs
Date: Tue, 04 Feb 2020 23:01:03 -0500 [thread overview]
Message-ID: <165172.1580875263@turing-police> (raw)
In-Reply-To: <dd126362-b9bb-7c89-24b1-42ccb04cc430@gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 855 bytes --]
On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:
> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.
Is there a reason you're trying to do it from a driver rather than from userspace?
Under what realistic conditions will the kernel be trustable to do the validation
while userspace isn't? What's the threat model here - in other words, what
attack(s) are you trying to stop? (This is a lot trickier than it looks - over the
decades, I've seen plenty of "Let's do this cargo-cult thing to stop attack X",
while overlooking the fact that any attacker who can do X can equally easily
do Y and still pwn the entire box.....)
[-- Attachment #1.2: Type: application/pgp-signature, Size: 832 bytes --]
[-- Attachment #2: Type: text/plain, Size: 170 bytes --]
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
prev parent reply other threads:[~2020-02-05 4:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-22 4:27 Kernel drivers and IOCTLs WyoFlippa
2020-01-22 19:04 ` Greg KH
2020-01-23 16:49 ` Valdis Klētnieks
2020-02-05 2:57 ` WyoFlippa
2020-02-05 4:01 ` Valdis Klētnieks [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=165172.1580875263@turing-police \
--to=valdis.kletnieks@vt.edu \
--cc=kernelnewbies@kernelnewbies.org \
--cc=wyoflippa@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.