| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Oct 2008 11:14:51 -0700 From: Chris Wright <chrisw@...s-sol.org> To: Pavel Machek <pavel@...e.cz> Cc: Chris Wright <chrisw@...s-sol.org>, "Cihula, Joseph" <joseph.cihula@...el.com>, linux-kernel@...r.kernel.org, "Wang, Shane" <shane.wang@...el.com>, "Wei, Gang" <gang.wei@...el.com>, "Van De Ven, Arjan" <arjan.van.de.ven@...el.com>, "Mallick, Asit K" <asit.k.mallick@...el.com>, "Nakajima, Jun" <jun.nakajima@...el.com>, Chris Wright <chrisw@...hat.com>, Jan Beulich <jbeulich@...ell.com>, mingo@...e.hu, tytso@....edu Subject: Re: [RFC][PATCH 0a/3] TXT: Intel(R) Trusted Execution Technology support for Linux - Overview * Pavel Machek (pavel@...e.cz) wrote: > I have never used trusted boot and I'm not sure I want to. Why would I > want to do that? So that you can reason that you've booted kernel/initrd that you wanted to (and have established a root of trust for follow-on, like Joe's IMA example), and in the case that you didn't (say bluepill), you have a policy in place to handle it. > You exit/reenter the trusted mode accross sleep... so any guarantees > "trusted" mode does are void, right? You exit from kernel to tboot on any shutdown, which handles the proper teardown of the measured env (meaning you also come back on via tboot). So things like saving tpm state, scrubbing secrets from memory, etc. thanks, -chris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists