From: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>
To: WyoFlippa <wyoflippa@gmail.com>
Cc: kernelnewbies@kernelnewbies.org
Subject: Re: Kernel drivers and IOCTLs
Date: Tue, 04 Feb 2020 23:01:03 -0500 [thread overview]
Message-ID: <165172.1580875263@turing-police> (raw)
In-Reply-To: <dd126362-b9bb-7c89-24b1-42ccb04cc430@gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 855 bytes --]
On Tue, 04 Feb 2020 20:57:24 -0600, WyoFlippa said:
> I'm actually happy with the existing boot schemes. In this case, the
> driver is going to validate a signed image (U-Boot or Linux) before it
> is programmed into the flash memory. Although the image is validated
> when booting, it is one additional check to avoid surprises.
Is there a reason you're trying to do it from a driver rather than from userspace?
Under what realistic conditions will the kernel be trustable to do the validation
while userspace isn't? What's the threat model here - in other words, what
attack(s) are you trying to stop? (This is a lot trickier than it looks - over the
decades, I've seen plenty of "Let's do this cargo-cult thing to stop attack X",
while overlooking the fact that any attacker who can do X can equally easily
do Y and still pwn the entire box.....)
[-- Attachment #1.2: Type: application/pgp-signature, Size: 832 bytes --]
[-- Attachment #2: Type: text/plain, Size: 170 bytes --]
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
prev parent reply other threads:[~2020-02-05 4:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-22 4:27 Kernel drivers and IOCTLs WyoFlippa
2020-01-22 19:04 ` Greg KH
2020-01-23 16:49 ` Valdis Klētnieks
2020-02-05 2:57 ` WyoFlippa
2020-02-05 4:01 ` Valdis Klētnieks [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=165172.1580875263@turing-police \
--to=valdis.kletnieks@vt.edu \
--cc=kernelnewbies@kernelnewbies.org \
--cc=wyoflippa@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).