On Jul 10, 2007, at 5:54 PM, C. Scott Ananian wrote: > Unless we're actually going to do a full cryptographic authentication > of the entire FS image at every boot, the kernel checking is just > security theater.
I missed this message when originally following the thread. This is incorrect. Verifying the integrity of the kernel and the initramfs is necessary and sufficient for guaranteeing that the anti-theft daemon gets started in a container that cannot be killed. Making theft non- trivial is the entire point behind the crypto dance; if that is met, we don't care whether the rest of the FS is modified. -- Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org _______________________________________________ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
