From: Andi Kleen <andi@firstfloor.org>
To: Tasos Parisinos <t.parisinos@sciensis.com>
Cc: Andi Kleen <andi@firstfloor.org>,
herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
randy.dunlap@oracle.com, indan@nul.nu
Subject: Re: [PATCH resend][CRYPTO]: RSA algorithm patch
Date: Mon, 2 Apr 2007 15:28:20 +0200 [thread overview]
Message-ID: <20070402132820.GA28983@one.firstfloor.org> (raw)
In-Reply-To: <4610EDF9.9000601@sciensis.com>
> The main purpose behind the creation of this module was to create the
> cryptographic infrastructure to develop an in-kernel system of signed
> modules.
So how do you plan to close the various interfaces that allow access to kernel
memory?
I would suggest to discuss the high level design first before submitting
code.
>
> The best environment to deploy such functionality is in updating by remote,
> executable code (programs, libs and modules) on embedded devices running
> Linux, that have some form of kernel physical security, so one can't
How would that physical security look like? Would it include DMA
protection?
For example to do any useful form of graphics you need
user controllable DMA, which can normally touch everything.
There are various other similar "backdoors" for root.
I'm somewhat sceptical because all kernels will need access
to the direct mapping to operate and there are also various
interfaces that can be as root (ab)used to change it.
And when you can do that they can change function pointers
and jump to arbitary code or change the kernel page tables
and map arbitary code.
Disallowing all this would probably end up with a quite
useless kernel.
> There are already some systems that implement and utilize such
> functionality that
> use windows platforms, and other Linux distros that use userland
Yes, at least the Vista variant was just broken. And its designers spent
a lot of effort on it, but it didn't help.
-Andi
next prev parent reply other threads:[~2007-04-02 13:28 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-02 9:52 [PATCH resend][CRYPTO]: RSA algorithm patch Tasos Parisinos
2007-04-02 12:27 ` Andi Kleen
2007-04-02 11:50 ` Tasos Parisinos
2007-04-02 13:28 ` Andi Kleen [this message]
2007-04-02 15:10 ` Tasos Parisinos
2007-04-02 15:28 ` Andi Kleen
2007-04-03 16:03 ` Pavel Machek
2007-04-04 9:55 ` Tasos Parisinos
2007-04-04 12:01 ` Pavel Machek
2007-04-06 21:30 ` Bill Davidsen
2007-04-06 23:06 ` Indan Zupancic
2007-04-07 3:53 ` Bill Davidsen
2007-04-11 10:14 ` Tasos Parisinos
2007-04-11 14:37 ` Indan Zupancic
2007-04-12 8:34 ` Tasos Parisinos
2007-04-12 9:35 ` Satyam Sharma
2007-04-12 12:22 ` Indan Zupancic
2007-04-12 12:40 ` Andi Kleen
2007-04-12 14:20 ` Satyam Sharma
2007-04-12 15:01 ` Indan Zupancic
2007-04-12 18:38 ` Satyam Sharma
2007-04-12 19:05 ` Indan Zupancic
2007-04-12 19:57 ` Satyam Sharma
2007-04-12 20:44 ` Indan Zupancic
2007-04-12 21:13 ` Satyam Sharma
2007-04-12 22:51 ` Indan Zupancic
2007-04-12 21:28 ` David Wagner
2007-04-12 23:31 ` Indan Zupancic
2007-04-13 13:56 ` Tasos Parisinos
2007-04-12 13:09 ` Indan Zupancic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070402132820.GA28983@one.firstfloor.org \
--to=andi@firstfloor.org \
--cc=herbert@gondor.apana.org.au \
--cc=indan@nul.nu \
--cc=linux-kernel@vger.kernel.org \
--cc=randy.dunlap@oracle.com \
--cc=t.parisinos@sciensis.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox