Horst von Brand wrote: > Jonas Diemer <[EMAIL PROTECTED]> said: > > [...] > > >>I figured there could be a kernel compiled-in option that will make the >>kernel lock all drives found during bootup. then, a malicous program >>would need to install a different kernel in order to harm the drive, >>which would be much more secure. > > > Doing it in initrd should be plenty of time, no need to involve the kernel.
Technically, according to the article, the only safe time to do it is in the BIOS or in one of their special safe CDs that freezes the drive before the boot loader loads. This makes sense because a particularly malicious place to put something like this is a worm that attaches to your boot loader. Then, even doing it in the kernel at boot time is too late. --Vernon - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
