Message-ID: <4252B1A9.3040005@gmail.com>
Date: Tue, 05 Apr 2005 08:41:29 -0700
From: Vernon Mauery <vmauery@gmail.com>
User-Agent: Debian Thunderbird 1.0 (X11/20050116)
MIME-Version: 1.0
To: Horst von Brand <vonbrand@inf.utfsm.cl>
Cc: Jonas Diemer <diemer@gmx.de>, linux-kernel@vger.kernel.org
Subject: Re: security issue: hard disk lock
References: <200504041832.j34IW6PO030096@laptop11.inf.utfsm.cl>
In-Reply-To: <200504041832.j34IW6PO030096@laptop11.inf.utfsm.cl>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1029
Lines: 23

Horst von Brand wrote:
> Jonas Diemer <diemer@gmx.de> said:
> 
> [...]
> 
> 
>>I figured there could be a kernel compiled-in option that will make the
>>kernel lock all drives found during bootup. then, a malicous program
>>would need to install a different kernel in order to harm the drive,
>>which would be much more secure.
> 
> 
> Doing it in initrd should be plenty of time, no need to involve the kernel.

Technically, according to the article, the only safe time to do it is in the BIOS or in one of their special safe CDs that freezes the drive before the boot loader loads.  This makes sense because a particularly malicious place to put something like this is a worm that attaches to your boot loader.  Then, even doing it in the kernel at boot time is too late.

--Vernon

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/