lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 2 Jun 2011 01:11:11 +0300
From:	Dmitry Kasatkin <dmitry.s.kasatkin@...il.com>
To:	Pavel Machek <pavel@....cz>
Cc:	David Safford <safford@...son.ibm.com>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Casey Schaufler <casey@...aufler-ca.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	James Morris <jmorris@...ei.org>, Greg KH <greg@...ah.com>,
	Dmitry Kasatkin <dmitry.kasatkin@...ia.com>
Subject: Re: [PATCH v5 00/21] EVM

reposted in plain text..

On Sun, May 29, 2011 at 9:58 AM, Pavel Machek <pavel@....cz> wrote:
>
> chattr already protects authenticity of my files, as do standard unix
> permissions.
>
> So... where's the difference?
>

chattr only protects against runtime attacks.
That is Access Control feature - not integrity.

>                                                                Pavel
> (*) but it does not change anything.
>
> True; determined attacker could steal my cellphone, open it up,
> desolder the flash, and change attributes of the filesystem.
>
> But... the same determined attacker can also replace
> bootloader&kernel&filesystem -- that is in the same flash! -- with
> unlocked versions. So the argumentation is the same for locked down
> phone.
>

That is completely incorrect in respect to locked/protected devices.
Chain of trust starts from ROM.
Bootloader is authenticated by the ROM and that will not allow to boot
the device.
Next bootloader will authenticate the kernel and display the message
on the screen
if it has been tampered.
And the next, authentic kernel will enforce filesystem integrity
protection using EVM.

The important use case is not to lock down phone against yourself,
but to protect normal users against possibility to sell/give them devices with
not authentic software which could do different nasty things, like
stealing the data or spying.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ