-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Nov 25, 2016 at 12:19:14AM +0300, Eva Star wrote:
> On 11/19/2016 10:31 PM, Marek Marczykowski-Górecki wrote:
> 
> > Yes, exactly
> 
> Is it possible to check non encrypted boot part of the disk for checksums
> after OS was loaded and warn user about some changes? ( or check some files
> on boot part)
> Is it a good idea?

If someone have planted some malware there, he/she can also replace your
integrity checking tool. So such solution will not be bulletproof.

> Or maybe some USB disk with loader which will do the same. And user User
> periodically will be able to check his disk.

This would be better. Or you can go one step further - store /boot on
some USB stick. Or two steps further - use AEM with that.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYN2x5AAoJENuP0xzK19csaesH/jxwp92Tv/96utIuPaMShfIx
PtiNeZT/98kMrdBNLwrJHH6D/eio8v+3wOdK5gNkGxQs8W4IezOLf21ja1T1cNRe
5gG5FgUafayKu+0nPBpSgpK2vO3QubQPOqKRaE3YBGJcByRpCRgDqqzP6h3BNmoa
MBSOI6pUKAu6CWN5wryNOUv/lvfG9fxrCKcSIB94f7AV5yBMJ3hIJluE94/tvb8E
qobrPWFHMZMRa5upUjxNuEfGSuwhdfgymeGUOqc8bokoScA4cnLVJRxbdowcNILW
6uh//37IvU6rjlkKtpfiDaW4Yvxntx9sPBiBEuwuoveWr7SPyvKKTnJCgL4BMvI=
=+axr
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161124224055.GZ1145%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Reply via email to