Date: Fri, 19 Jun 2009 20:11:59 +0100
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Valdis.Kletnieks@vt.edu
Cc: Pavel Machek <pavel@ucw.cz>, James Morris <jmorris@namei.org>,
       Joseph Cihula <joseph.cihula@intel.com>, Ingo Molnar <mingo@elte.hu>,
       linux-kernel@vger.kernel.org, arjan@linux.intel.com, hpa@zytor.com,
       andi@firstfloor.org, Chris Wright <chrisw@sous-sol.org>,
       jbeulich@novell.com, peterm@redhat.com, gang.wei@intel.com,
       shane.wang@intel.com
Subject: Re: [RFC v4][PATCH 2/2] intel_txt: Intel(R) TXT and tboot kernel
 support
Message-ID: <20090619201159.35d259bb@lxorguk.ukuu.org.uk>
In-Reply-To: <33858.1245433922@turing-police.cc.vt.edu>
References: <4A299051.40405@intel.com>
	<alpine.LRH.2.00.0906121509001.14633@tundra.namei.org>
	<20090619150514.GE1389@ucw.cz>
	<33858.1245433922@turing-police.cc.vt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 888
Lines: 20

> "Somebody has screwed with this kernel image, and you're not booting what you
> thought you were booting."

So I screw with your user space - you can't measure enough to make it
save you in a general setup. Too much I can hit changes each boot.

For a tiny number of very special cases that are highly controlled it has
potential uses. Some of those are evil some are ones with meaningful uses
(eg ATM machines) - although attacks there have included hardware attacks
outside the PC components too.

Personally (and I'm sure Intel disagrees with me) my bigger work is that
I can't verify that the magic block of code for tboot is correct.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/