
Garrett: Producing a trustworthy x86-based Linux appliance

Wednesday June 2, 2021, 03:53 PM, from LWN.net
Matthew Garrett has written up the long,
complex series of steps required to build an x86 device that only boots
code that the creator wants to run there. 'At this point everything
in the boot process is cryptographically verified, and so should be
difficult to tamper with. Unfortunately this isn't really sufficient - on
x86 systems there's typically no verification of the integrity of the
secure boot database. An attacker with physical access to the system could
attach a programmer directly to the firmware flash and rewrite the secure
boot database to include keys they control. They could then replace the
boot image with one that they've signed, and the machine would happily boot
code that the attacker controlled. We need to be able to demonstrate that
the system booted using the correct secure boot keys, and the only way we
can do that is to use the TPM.'
https://lwn.net/Articles/857935/rss
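
Why the TPM makes a rewritten secure boot database detectable, as an added example that is not taken from Garrett's write-up or from LWN: firmware measures the secure boot variables into PCR 7 with the extend operation, so a changed db produces a different PCR value. The variable contents below are constructed placeholders, and the event digest is simplified to a hash over name and data rather than the full UEFI_VARIABLE_DATA structure that real firmware hashes.

```python
import hashlib
import hmac

PCR_SIZE = 32  # size of a PCR in the SHA-256 bank


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || event digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure(name: str, data: bytes) -> bytes:
    """Simplified event digest (assumption: real firmware hashes a
    UEFI_VARIABLE_DATA structure, not just name + contents)."""
    return hashlib.sha256(name.encode("utf-16-le") + data).digest()


def replay_pcr7(variables) -> bytes:
    """Replay the measurements in order from the all-zero reset value."""
    pcr = bytes(PCR_SIZE)
    for name, data in variables:
        pcr = extend(pcr, measure(name, data))
    return pcr


def verify(reported_pcr7: bytes, expected_variables) -> bool:
    """Compare a reported PCR 7 (in practice taken from a signed TPM quote)
    with the value the known-good secure boot configuration must produce."""
    return hmac.compare_digest(reported_pcr7, replay_pcr7(expected_variables))


# Constructed sample values standing in for the real variable contents.
GOOD = [
    ("SecureBoot", b"\x01"),
    ("PK", b"appliance-vendor-pk"),
    ("KEK", b"appliance-vendor-kek"),
    ("db", b"appliance-vendor-signing-cert"),
    ("dbx", b"revocation-list"),
]
# Same platform after the flash was rewritten to add a foreign key to db.
TAMPERED = [(n, d + b"|foreign-cert" if n == "db" else d) for n, d in GOOD]

if __name__ == "__main__":
    print("expected PCR 7:", replay_pcr7(GOOD).hex())
    print("good boot verifies:    ", verify(replay_pcr7(GOOD), GOOD))
    print("tampered boot verifies:", verify(replay_pcr7(TAMPERED), GOOD))
```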