| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2007 13:43:32 -0400 From: lsorense@...lub.uwaterloo.ca (Lennart Sorensen) To: david@...g.hm Cc: Michael Poole <mdpoole@...ilus.org>, "H. Peter Anvin" <hpa@...or.com>, Tomas Neme <lacrymology@...il.com>, "Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org> Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 On Thu, Jun 21, 2007 at 10:26:04AM -0700, david@...g.hm wrote: > the bios doesn't have enough capability to talk to the outside world for > updates. Of course, although perhaps it could. More likely my thought was that the service when it decides to download an update, would include the updated bios image and put it on the boot drive where the existing bios can find it. No signature needs to be added to the boot drive or kernel, just checksums in the bios image. > what tivo actually does is very similar to this > > they encode into the bios the ability to check a checksum/signature for > the kernel+boot filesystem and if they don't match look to see if there is > another kernel+boot filesystem available > > then software on the boot filesystem checks to see if the rest of the > system has been tampered with before it mounts / > > the GPLv3 is trying to do this. Perhaps they should just explicitly say that then. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists