Navigation
Recherche
|
[$] Lockdown as a security module
lundi 24 juin 2019, 22:41 , par LWN.net
Technologies like UEFI secure boot are intended to guarantee that a
locked-down system is running the software intended by its owner (for a definition of 'owner' as 'whoever holds the signing key recognized by the firmware'). That guarantee is hard to uphold, though, if a program run on the system in question is able to modify the running kernel somehow. Thus, proponents of secure-boot technologies have been trying for years to provide the ability to lock down many types of kernel functionality on secure systems. The latest attempt posted by Matthew Garrett, at an eyebrow-raising version 34, tries to address previous concerns by putting lockdown under the control of a Linux security module (LSM).
https://lwn.net/Articles/791863/rss
|
56 sources (32 en français)
Date Actuelle
mar. 7 mai - 01:02 CEST
|