On Fri, Jun 22, 2001 at 10:00:35PM +0200, Patrick Valsecchi wrote:
> The user will be able to change the code, that's not the matter, but it won't be 
> able to run it on my customer's hardware. That's the point. And I don't think it 
> goes against any law nor any license.
> 
> I'm sure it doesn't go against any GPL spirit. It's even possible that my 
> source will be partly available. It depends on the customer. But for the 
> modified kernel parts, I'll have to publish it or I'll go against the Linux 
> licence.
> 
> For the CRC stuff, it was what I meant.



Aren't CRC algorithms easy to reverse?  So an attacker
could generate his own program and simply add some bogus code
at the end that'll make the CRC come out the same as an existing
program... then steal the signed CRC from the approved program
and use it.

A keyed cryptographic hash (i.e. HMAC) would be more secure.  But
slower than CRC.  SHA-1 or RIPEMD-160 in hardware might speed that up.

If you use the smartcard to verify the kernel's signature, the kernel
could then verify the signatures of programs instead of sending them all
(or just their signed CRCs) to the smartcard.  Since smartcards are
slow, this would speed up loading.

TiVo does something similar (Linux that end-users aren't supposed to
play with), you might check out what people are saying about them.



Eric
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
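
The CRC weakness raised in the reply above, as an added example that is not part of the original message: four appended bytes make a different program match an approved CRC-32, while a keyed hash over the whole file rejects it. The sample byte strings, the key and the function names are constructed for illustration, and HMAC-SHA-256 is used here in place of the SHA-1 named in the message.

```python
import hashlib
import hmac
import zlib

# Standard reflected CRC-32 table (polynomial 0xEDB88320, as used by zlib).
TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    TABLE.append(c)
# Every table entry has a distinct top byte, so each CRC step can be undone.
TOP = {t >> 24: i for i, t in enumerate(TABLE)}


def crc_matching_suffix(data: bytes, target_crc: int) -> bytes:
    """Return 4 bytes such that crc32(data + suffix) == target_crc."""
    state = zlib.crc32(data) ^ 0xFFFFFFFF   # register value after `data`
    want = target_crc ^ 0xFFFFFFFF          # register value we must end on
    for _ in range(4):                      # run the register backwards 4 steps
        idx = TOP[want >> 24]
        want = ((want ^ TABLE[idx]) << 8) | idx
    return (want ^ state).to_bytes(4, "little")


def verify_crc(program: bytes, approved_crc: int) -> bool:
    """The weak check: compare a plain CRC-32 with the approved value."""
    return zlib.crc32(program) == approved_crc


def verify_hmac(program: bytes, key: bytes, approved_tag: bytes) -> bool:
    """The keyed check: recompute the MAC over the whole program."""
    tag = hmac.new(key, program, hashlib.sha256).digest()
    return hmac.compare_digest(tag, approved_tag)


# Constructed sample data: stand-ins for an approved and a modified binary.
APPROVED = b"\x7fELF approved vendor program v1.0"
MODIFIED = b"\x7fELF locally modified program"
KEY = b"constructed-demo-key"  # assumption: in a real design this never leaves the card

APPROVED_CRC = zlib.crc32(APPROVED)
APPROVED_TAG = hmac.new(KEY, APPROVED, hashlib.sha256).digest()
PADDED = MODIFIED + crc_matching_suffix(MODIFIED, APPROVED_CRC)

if __name__ == "__main__":
    print("CRC check accepts padded program: ", verify_crc(PADDED, APPROVED_CRC))
    print("HMAC check accepts padded program:", verify_hmac(PADDED, KEY, APPROVED_TAG))
```

Because the signature in the CRC scheme covers only the 32-bit checksum, it verifies for any file with that checksum; the keyed hash binds the tag to every byte of the program.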
