-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Fri, Nov 25, 2016 at 12:19:14AM +0300, Eva Star wrote: > On 11/19/2016 10:31 PM, Marek Marczykowski-Górecki wrote: > > > Yes, exactly > > Is it possible to check non encrypted boot part of the disk for checksums > after OS was loaded and warn user about some changes? ( or check some files > on boot part) > Is it a good idea?
If someone have planted some malware there, he/she can also replace your integrity checking tool. So such solution will not be bulletproof. > Or maybe some USB disk with loader which will do the same. And user User > periodically will be able to check his disk. This would be better. Or you can go one step further - store /boot on some USB stick. Or two steps further - use AEM with that. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYN2x5AAoJENuP0xzK19csaesH/jxwp92Tv/96utIuPaMShfIx PtiNeZT/98kMrdBNLwrJHH6D/eio8v+3wOdK5gNkGxQs8W4IezOLf21ja1T1cNRe 5gG5FgUafayKu+0nPBpSgpK2vO3QubQPOqKRaE3YBGJcByRpCRgDqqzP6h3BNmoa MBSOI6pUKAu6CWN5wryNOUv/lvfG9fxrCKcSIB94f7AV5yBMJ3hIJluE94/tvb8E qobrPWFHMZMRa5upUjxNuEfGSuwhdfgymeGUOqc8bokoScA4cnLVJRxbdowcNILW 6uh//37IvU6rjlkKtpfiDaW4Yvxntx9sPBiBEuwuoveWr7SPyvKKTnJCgL4BMvI= =+axr -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161124224055.GZ1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.