Re: RFC: live-initramfs 2.x features
Michael Prokop wrote (24 Jan 2010 12:50:50 GMT) :
> But if you're working in IT forensics and/or have special security
> requirements this won't be enough. Someone could prepare a device
> that fullfills the uuid requirements but provides a hacked
> filesystem which does "something you definitely don't want". ;) So
> you need additional ways to make sure you're booting the correct
> filesystem and that's what I'm currently working on.
Could you please give us some hints about the ideas you are
experimenting in this field? I guess you at least need a trusted
kernel / initrd to check the squashfs, else you end up asking a system
to verify itself, which seems to be a dead-end.
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Every now and then I get a little bit restless
| and I dream of something wild.