Date: Fri, 17 Apr 2015 13:30:58 +0930 From: "O'Connor, Daniel" <darius@dons.net.au> To: Yuri <yuri@rawbw.com> Cc: freebsd-hackers@FreeBSD.org Subject: Re: Is it possible to check the running kernel signature? Message-ID: <7C5F6DC3-5507-409E-B58A-F9F291D1924A@dons.net.au> In-Reply-To: <553074DE.4070106@rawbw.com> References: <553074DE.4070106@rawbw.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 17 Apr 2015, at 12:20, Yuri <yuri@rawbw.com> wrote: > The idea that comes to mind is the ability to verify that the running kernel wasn't tampered with by comparing it with its disk image copy. Same with the kernel modules. Kernel can be verified through the memory mmapped to /dev/mem device. > Is this idea feasible, and would it make sense to implement it? If the kernel has been compromised then you can't trust it, since any userland program has to use the kernel to do its job it is impossible to validate the kernel because the kernel could just fake up anything it wants. Also I think when the kernel is loaded it is modified for things like relocations (although I'm not sure) which would make it tricky to verify. -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7C5F6DC3-5507-409E-B58A-F9F291D1924A>