sad treacherous computing day
Sam Morris
sam at robots.org.uk
Mon May 7 15:11:15 UTC 2007
On Mon, 07 May 2007 16:28:24 +0200, Alfred M. Szmidt wrote:
> This example has nothing to do with TC or DRM. This is how just about
> any modern operating system works. I cannot update the kernel on this
> machine since I do not have the permission to do so because the kernel
> disallows me to do that task, but there is no need for a specially
> crippled chip for this task. So I still do not see the use of DRM/TC.
An attacker who has physical access to your machine can pull the disk and
put his own kernel on it that will perform his own nefarious tasks. But
if you made use of the TC module then I believe you can prevent him from
being able to do this -- the system will simply refuse to load his
modified kernel.
If *you* have the keys to the TC module then it becomes a very powerful
tool for ensuring that your systems are not compromised while your back
is turned. If someone else has the keys to the machine then obviously the
machine belongs to them, and you are just a user (e.g., games consoles,
some mobile phones).
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
More information about the Discussion
mailing list