On Thu, Sep 12, 2013 at 7:12 PM, The Doctor <[email protected]> wrote:
> It is worth noting that, if an unprivileged user can list the contents
> of the file, an unprivileged user (an attacker) can potentially unpack
> the contents of the file, tamper with them, and then repack them.  I
> do not know if there are any measures to detect alteration of this
> file when TAILS boots, I haven't taken the time to go poking around
> inside the initrd.img or initrd2.img files (used by the kernel when
> TAILS boots) to see if there is anything of that sort.  A cursory
> examination of the contents of the syslinux/ directory does not show
> anything of that sort.

Use Liberté if you want the real thing — a trusted boot chain.
http://dee.su/liberte-security

Current version verifies the SquashFS image in initramfs, but the next
version will use dm-verity to remove that small delay.
https://code.google.com/p/cryptsetup/wiki/DMVerity

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
[email protected].

Reply via email to