[nodata]

The EVM part interests me. It provides a way of guaranteeing that a file has not been changed by using a combination of a passphrase and a key stored in the TPM, along with hashes of files stored as xattrs on disk.

More info here: http://lwn.net/Articles/394170/

One question I have though is how to guarantee that the kernel hasn't been modified to misread the xattrs or log the passphrase. Anyone know?

[wmf]

GRUB-IMA (based on TCPA) and TBOOT (based on TXT) have been around for a while: http://linux-ima.sourceforge.net/

Google invented their own verified boot system for ChromeOS: http://www.chromium.org/chromium-os/chromiumos-design-docs/v...

Or you could use upcoming UEFI secure boot: http://mjg59.dreamwidth.org/6054.html

[ajross]

Destpite its use of TPM for tamper-proof storage, EVM remains a software security solution. So yes: it assumes an uncompromised kernel and key.

[sp332]

TCCBOOT? You could verify the source code of the kernel on a thumb drive, then boot the computer with TCCBOOT and compile the kernel from source every time you boot the computer. http://bellard.org/tcc/tccboot.html

[astro1138]

Does your compiler compile itself twice before? 100% security is just never achievable.

[sp332]

Ah yes, the old Reflections on Trusting Trust. http://cm.bell-labs.com/who/ken/trust.html Fortunately that wasn't nodata's question. Recompiling the kernel from known source should ensure that it hasn't been modified to misread xattrs.

[mc32]

I found his moral section on security interesting: "...The acts performed by these kids are vandalism at best and probably trespass and theft at worst. It is only the inadequacy of the criminal code that saves the hackers from very serious prosecution."

and

"I have watched kids testifying before Congress. It is clear that they are completely unaware of the seriousness of their acts. There is obviously a cultural gap. The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house."

So while interested in trusted code and security, he was also interested in criminal penalties for unauthorized access to computer systems. Of course, it's an unstoppable force and the metaphor with the real world is tenuous --it's just an interesting take.

[sp332]

There is absolutely nothing stopping most people from just breaking a window and climbing into their neighbor's houses. But people don't generally do that, because there's a social stigma against it. There's no security around men's and women's bathrooms to make sure only the "right" people go in, but people know they shouldn't do that. There's no physical barrier on (most) roads to prevent a driver from going on the other side of the road, or ignoring lights, but drivers take courses that explain how to drive properly. That's the kind of cultural gap he's talking about. Stealing is easy, but we teach kids from an early age to respect each other's property. We could easily instill the same respect for digital territory, but culture hasn't caught up yet. I think it will soon though.

[mc32]

The digital realm does introduce remoteness[1] too though -and there isn't the possibility of immediate repercussions (as one can find in the physical world).

Additionally, the number of people who trespass digital properties are very few, relatively speaking and could be compared to scofflaws, drunk drivers, etc. but, and this is the big but, their impact is asymmetrical. They can have an effect on large numbers of people.

Despite that, I do agree that culture can be changed in a generation.

[1] It's impersonal and removed.