Re: Trusted kernel patchset

From: Matthew Garrett
Date: Mon Mar 16 2015 - 18:46:00 EST


On Mon, 2015-03-16 at 13:35 -0700, David Lang wrote:
> On Mon, 16 Mar 2015, Matthew Garrett wrote:
> > That's one implementation. Another is the kernel being stored on
> > non-volatile media.
>
> Anything that encourages deploying systems that can't be upgraded to fix bugs
> that are discovered is a problem.
>
> This is an issue that the Internet of Things folks are just starting to notice,
> and it's only going to get worse before it gets better.
>
> How do you patch bugs on your non-volatile media? What keeps that mechanism from
> being abused?

Nothing stops people from deploying kernels on non-volatile media right
now. This doesn't change anything.