Kernel Newbies archive on lore.kernel.org
 help / color / Atom feed
From: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>
To: WyoFlippa <wyoflippa@gmail.com>
Cc: kernelnewbies@kernelnewbies.org
Subject: Re: Kernel drivers and IOCTLs
Date: Tue, 04 Feb 2020 23:01:03 -0500
Message-ID: <165172.1580875263@turing-police> (raw)
In-Reply-To: <dd126362-b9bb-7c89-24b1-42ccb04cc430@gmail.com>

[-- Attachment #1.1: Type: text/plain, Size: 855 bytes --]

On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:

> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.

Is there a reason you're trying to do it from a driver rather than from userspace?

Under what realistic conditions will the kernel be trustable to do the validation
while userspace isn't? What's the threat model here - in other words, what
attack(s) are you trying to stop?  (This is a lot trickier than it looks - over the
decades, I've seen plenty of "Let's do this cargo-cult thing to stop attack X",
while overlooking the fact that any attacker who can do X can equally easily
do Y and still pwn the entire box.....)


[-- Attachment #1.2: Type: application/pgp-signature, Size: 832 bytes --]

[-- Attachment #2: Type: text/plain, Size: 170 bytes --]

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

      reply index

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-22  4:27 WyoFlippa
2020-01-22 19:04 ` Greg KH
2020-01-23 16:49 ` Valdis Klētnieks
2020-02-05  2:57   ` WyoFlippa
2020-02-05  4:01     ` Valdis Klētnieks [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=165172.1580875263@turing-police \
    --to=valdis.kletnieks@vt.edu \
    --cc=kernelnewbies@kernelnewbies.org \
    --cc=wyoflippa@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Kernel Newbies archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernelnewbies/0 kernelnewbies/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernelnewbies kernelnewbies/ https://lore.kernel.org/kernelnewbies \
		kernelnewbies@kernelnewbies.org
	public-inbox-index kernelnewbies

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernelnewbies.kernelnewbies


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git