Re: Mounting a in-ROM filesystem efficiently

From: Richard B. Johnson (root@chaos.analogic.com)
Date: Mon Dec 17 2001 - 08:24:42 EST


On Fri, 14 Dec 2001, Dominik Kubla wrote:

> On Thu, Dec 13, 2001 at 01:34:45PM -0500, Richard B. Johnson wrote:
> >
> > Well RAM is a hell of a lot cheaper than NVRAM. If you don't have
> > the required RAM on your box, the hardware engineers screwed up
> > and have to be "educated" preferably with an axe in the parking-lot.
> >
>
> What about security issues? I can imagine quite a few scenarios where
> you would want to ensure that you run untampered binaries. (e.g. use
> ROM instead of the usual CD-ROM or read-only FD to run your security
> critical application.)
>

I never even implied that you would run CD-ROM or FD in embedded
applications. The stuff that runs comes from ROM, actually NVRAM so
it can be written/updated in production. However, EIP software
(Execute In Place) has always been a dog and, even Ethernet switches
3COM, Cisco, etc., don't run that way. You need to get the stuff
that runs into RAM.

Security isn't a problem with embedded systems because everything
that could possibly be done is handled with a "monitor". There is
no shell. If there is no way to execute some foreign executable,
you don't have a security issue unless some dumb alleged software
engineer added some back-doors to the monitor.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).
 Santa Claus is coming to town...
          He knows if you've been sleeping,
             He knows if you're awake;
          He knows if you've been bad or good,
             So he must be Attorney General Ashcroft.




This archive was generated by hypermail 2b29 : Sun Dec 23 2001 - 21:00:13 EST