shawn wilson wrote:
I guess I should've said what my use case is: I want a boot system that unlocks a partition where everything is checked [...] However, someone could replace gpg with a version that logs to something.
OK, simply provide a Faraday cage to the user and instruct them to boot the device inside of it, hence ensuring a boot process without any RF connection to the exterior.
I'm only half joking: if you don't trust the hardware for having a trustworthy boot in some read-only section in the device, then you stated an impossible problem.
Also, you may be paranoid about a user device being replaced altogether without the victim noticing the replacement. Do you check that the serial number of your favorite gadget remains stable over time?
So in practice you must bear some residual risks when you tailor the boot process towards your goal. In the tailoring project, you might find that GPG is an overkill when only hash/signature validation is required.
This is sort of a trusting trust question.
So you knew the answer already. -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, QC, Canada H2M 2A1 Tel. +1-514-385-5691 _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
