Re: Trusted kernel patchset

From: Matthew Garrett
Date: Mon Mar 16 2015 - 18:46:00 EST

Next message: Alexandre Belloni: "[PATCH 10/10] ARM: at91: remove at91rm9200_sdramc.h"
Previous message: Alexandre Belloni: "[PATCH 07/10] pcmcia: at91_cf: Use syscon to configure the MC/smc"
In reply to: One Thousand Gnomes: "Re: Trusted kernel patchset"
Next in thread: Kees Cook: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2015-03-16 at 13:35 -0700, David Lang wrote:
> On Mon, 16 Mar 2015, Matthew Garrett wrote:
> > That's one implementation. Another is the kernel being stored on
> > non-volatile media.
>
> Anything that encourages deploying systems that can't be upgraded to fix bugs
> that are discovered is a problem.
>
> This is an issue that the Internet of Things folks are just starting to notice,
> and it's only going to get worse before it gets better.
>
> How do you patch bugs on your non-volitile media? What keeps that mechansim from
> being abused.

Nothing stops people from deploying kernels on non-volatile media right
now. This doesn't change anything.

Next message: Alexandre Belloni: "[PATCH 10/10] ARM: at91: remove at91rm9200_sdramc.h"
Previous message: Alexandre Belloni: "[PATCH 07/10] pcmcia: at91_cf: Use syscon to configure the MC/smc"
In reply to: One Thousand Gnomes: "Re: Trusted kernel patchset"
Next in thread: Kees Cook: "Re: Trusted kernel patchset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]