Eric Murray
Fri, 22 Jun 2001 13:05:24 -0700
On Fri, Jun 22, 2001 at 10:00:35PM +0200, Patrick Valsecchi wrote:
> The user will be able to change the code, that's not the matter, but it won't be
> able to run it on my customer's hardware. That's the point. And I don't think it
> goes against any law or any license.
>
> I'm sure it doesn't go against any GPL spirit. It's even possible that my
> source will be partly available. It depends on the customer. But for the
> modified kernel parts, I'll have to publish it or I'll go against the Linux
> licence.
>
> For the CRC stuff, it was what I meant.

Aren't CRC algorithms easy to reverse? So an attacker could generate his own program and simply add some bogus code at the end that'll make the CRC come out the same as an existing program... then steal the signed CRC from the approved program and use it.

A keyed cryptographic hash (i.e. HMAC) would be more secure. But slower than CRC. SHA-1 or RIPEMD-160 in hardware might speed that up.

If you use the smartcard to verify the kernel's signature, the kernel could then verify the signatures of programs instead of sending them all (or just their signed CRCs) to the smartcard. Since smartcards are slow, this would speed up loading.

Tivo does something similar (Linux that end-users aren't supposed to play with), you might check out what people are saying about them.

Eric

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
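
The CRC weakness raised in the message above, as an added example that is not part of the original post: a loader that compares CRC-32 values accepts a changed image once four padding bytes are appended, while an HMAC-SHA1 check over the same bytes rejects it. The sample images, the key and all function names are constructed for illustration, and the example assumes the HMAC key is held only by the verifier.

```python
import hashlib
import hmac
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320), the CRC zlib computes.
TABLE = []
for i in range(256):
    c = i
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)
# Every table entry has a distinct top byte, so each CRC step can be undone.
TOP_BYTE_TO_INDEX = {entry >> 24: idx for idx, entry in enumerate(TABLE)}


def crc_matching_suffix(data: bytes, wanted_crc: int) -> bytes:
    """Return 4 bytes such that zlib.crc32(data + suffix) == wanted_crc."""
    reg = wanted_crc ^ 0xFFFFFFFF              # CRC register after the suffix
    for _ in range(4):                         # undo four zero-byte steps
        idx = TOP_BYTE_TO_INDEX[reg >> 24]
        reg = (((reg ^ TABLE[idx]) << 8) | idx) & 0xFFFFFFFF
    current = zlib.crc32(data) ^ 0xFFFFFFFF    # CRC register after `data`
    return (reg ^ current).to_bytes(4, "little")


def crc_check(program: bytes, approved_crc: int) -> bool:
    return zlib.crc32(program) == approved_crc


def hmac_tag(key: bytes, program: bytes) -> bytes:
    return hmac.new(key, program, hashlib.sha1).digest()


def hmac_check(key: bytes, program: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, program), tag)


def demo():
    """Return (crc_accepts, hmac_accepts) for a padded, non-approved image."""
    key = b"constructed-demo-key"              # assumption: known only to the verifier
    approved = b"APPROVED PROGRAM IMAGE (constructed sample)"
    modified = b"MODIFIED PROGRAM IMAGE (constructed sample)"
    approved_crc = zlib.crc32(approved)        # value stored for the approved image
    approved_tag = hmac_tag(key, approved)     # tag stored for the approved image
    padded = modified + crc_matching_suffix(modified, approved_crc)
    return crc_check(padded, approved_crc), hmac_check(key, padded, approved_tag)


if __name__ == "__main__":
    print(demo())
```

Signing the CRC does not help here, because the signature covers only the 32-bit value and that value is unchanged.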