[EROS-Arch] Re: [E-Lang] Re: Interaction Design for End-User Security
Ben Laurie
ben@algroup.co.uk
Thu, 22 Mar 2001 17:10:47 +0000
wojtek@ifirma.pl wrote:
>
> You are right. I get it. Let me think it over again.
>
> This problem might be reduced to: verify what you boot.
>
> But wait a minute, there is an option, unfortunately quite hard to
> implement: boot from the token. It would require two things to be put on a
> token: 1. bootstrap 2. kernel signature. Then the bootstrap would only load
> the kernel from hard drive and verify its signature. Then the kernel would
> be responsible for verifying signatures of software it loads. The trusted
> set of certificates might reside on the token. Let's also grant that the
> bootstrap and your OS vendor cert is always read-only.
>
> Do you find this possible? Anything wrong in this scenario?
There is a BIOS project that does this (Mark will remember what it's
called, I'm sure - I've gone blank).
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
ApacheCon 2001! http://ApacheCon.com/
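The boot-from-token chain sketched in the quoted message (token carries the bootstrap, the kernel signature and the trusted vendor certificates; the bootstrap verifies the on-disk kernel; the verified kernel then verifies everything it loads) can be modelled end to end in a few dozen lines. The following is an added example written for this archive page, not code from either poster or from EROS. It assumes Ed25519 public keys standing in for the vendor certificates, SHA-256 digests of the images as the thing that gets signed, and constructed byte strings in place of real kernel and driver images; the Token, Disk, Bootstrap, KernelLoad and Boot names are all hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Token models the read-only token from the thread: the bootstrap code (the
// Bootstrap function below), the signature of the expected kernel, and the
// trusted set of vendor keys (standing in for the vendor certificates).
type Token struct {
	KernelSig   []byte
	TrustedKeys []ed25519.PublicKey
}

// Module is one piece of software the kernel is asked to load from disk.
type Module struct {
	Name  string
	Image []byte
	Sig   []byte
}

// Disk models the untrusted hard drive: the kernel image plus loadable modules.
type Disk struct {
	Kernel  []byte
	Modules []Module
}

// verifyAny accepts an image if any key in the trusted set validates sig.
func verifyAny(keys []ed25519.PublicKey, image, sig []byte) bool {
	digest := sha256.Sum256(image)
	for _, k := range keys {
		if ed25519.Verify(k, digest[:], sig) {
			return true
		}
	}
	return false
}

// Sign is what the vendor does: it signs the digest of an image.
func Sign(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

// Bootstrap is the code that lives on the token: it reads the kernel from
// disk and refuses to continue unless the token's kernel signature checks
// out against the token's trusted keys.
func Bootstrap(t Token, d Disk) error {
	if !verifyAny(t.TrustedKeys, d.Kernel, t.KernelSig) {
		return errors.New("kernel on disk does not match the signature on the token")
	}
	return nil
}

// KernelLoad is the verified kernel's loader: every module is checked against
// the same trusted set; it reports which modules were accepted and rejected.
func KernelLoad(t Token, d Disk) (accepted, rejected []string) {
	for _, m := range d.Modules {
		if verifyAny(t.TrustedKeys, m.Image, m.Sig) {
			accepted = append(accepted, m.Name)
		} else {
			rejected = append(rejected, m.Name)
		}
	}
	return accepted, rejected
}

// Boot runs the whole chain: bootstrap verifies the kernel, the kernel
// verifies its modules. A bad kernel stops the boot; a bad module is only
// refused, because the verified kernel is still in control.
func Boot(t Token, d Disk) (accepted, rejected []string, err error) {
	if err := Bootstrap(t, d); err != nil {
		return nil, nil, err
	}
	accepted, rejected = KernelLoad(t, d)
	return accepted, rejected, nil
}

// SignWithUntrustedKey signs with a fresh key that is not on the token, to
// show that possession of some signing key is not enough: the key must be
// in the token's read-only trusted set.
func SignWithUntrustedKey(image []byte) ([]byte, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return Sign(priv, image), nil
}

// BuildScenario constructs a vendor key, a token and a disk with constructed
// sample images so the chain can be exercised offline.
func BuildScenario() (Token, Disk, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Token{}, Disk{}, err
	}
	kernel := []byte("constructed kernel image v1")
	disk := Disk{Kernel: kernel, Modules: []Module{
		{Name: "fs", Image: []byte("constructed fs driver")},
		{Name: "net", Image: []byte("constructed net driver")},
	}}
	for i := range disk.Modules {
		disk.Modules[i].Sig = Sign(priv, disk.Modules[i].Image)
	}
	token := Token{KernelSig: Sign(priv, kernel), TrustedKeys: []ed25519.PublicKey{pub}}
	return token, disk, nil
}

func main() {
	token, disk, err := BuildScenario()
	if err != nil {
		panic(err)
	}
	acc, rej, err := Boot(token, disk)
	fmt.Println("clean boot:", acc, rej, err)

	disk.Modules[1].Image = []byte("tampered net driver") // disk modified, signature stale
	acc, rej, err = Boot(token, disk)
	fmt.Println("tampered module:", acc, rej, err)

	disk.Kernel = []byte("tampered kernel") // bootstrap refuses to hand over control
	_, _, err = Boot(token, disk)
	fmt.Println("tampered kernel:", err)
}
```

Two things the model makes visible. First, the whole scheme rests on the property the message grants explicitly, that the bootstrap and the vendor key material on the token are read-only: if an attacker could rewrite TrustedKeys, every check above would pass for their own images. Second, the model begins only once the token's bootstrap has control; it says nothing about how the machine is made to boot from the token in the first place, which is the part that belongs to firmware and is what a BIOS-level project would have to cover.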