Date: Thu, 16 Apr 2015 19:50:06 -0700
From: Yuri <yuri@rawbw.com>
To: freebsd-hackers@FreeBSD.org
Subject: Is it possible to check the running kernel signature?
Message-ID: <553074DE.4070106@rawbw.com>
I came across this horror story: https://pbs.twimg.com/media/Bd7LUMYCMAAJcqJ.jpg

Three-letter agencies subverted the BIOS manufacturers to produce BIOSes that were/are able to inject the malicious code right into the FreeBSD kernel during the final BIOS boot stage. This may well be going on with the modern FreeBSD versions.

The idea that comes to mind is the ability to verify that the running kernel wasn't tampered with by comparing it with its disk image copy. Same with the kernel modules. The kernel can be verified through the memory mmapped to the /dev/mem device.

Is this idea feasible, and would it make sense to implement it?

Yuri
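The comparison proposed in the message above, sketched as an added example (not part of the original e-mail and not FreeBSD code): it walks the read-only executable segments of an on-disk ELF64 kernel image and compares each with the bytes fetched from memory at the same virtual address. The `read_mem` callback, the load address and the sample image are constructed assumptions; on a live system the callback would wrap reads of a kernel memory device.

```python
import struct

PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2

def exec_segments(elf):
    """Yield (vaddr, file_bytes) for each non-writable executable PT_LOAD
    segment of a little-endian ELF64 image (the on-disk kernel)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (phoff,) = struct.unpack_from("<Q", elf, 0x20)
    phentsize, phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(phnum):
        p_type, flags, offset, vaddr, _paddr, filesz = struct.unpack_from(
            "<IIQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_LOAD and flags & PF_X and not flags & PF_W:
            yield vaddr, elf[offset:offset + filesz]

def verify(elf, read_mem):
    """Compare each such segment with read_mem(vaddr, length).
    Returns [(vaddr, offset_of_first_difference), ...]; empty means a match."""
    mismatches = []
    for vaddr, disk in exec_segments(elf):
        live = read_mem(vaddr, len(disk))
        if live != disk:
            first = next((i for i, (a, b) in enumerate(zip(live, disk)) if a != b),
                         min(len(live), len(disk)))  # short read: differs at its end
            mismatches.append((vaddr, first))
    return mismatches

def build_sample_elf(text, vaddr):
    """Constructed input: ELF64 header, one R+X and one R+W PT_LOAD segment."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, vaddr, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    off = 64 + 2 * 56  # segment data starts after the two program headers
    ph_text = struct.pack("<IIQQQQQQ", PT_LOAD, 5, off, vaddr, vaddr,
                          len(text), len(text), 0x1000)
    ph_data = struct.pack("<IIQQQQQQ", PT_LOAD, 6, off + len(text),
                          vaddr + 0x1000, vaddr + 0x1000, 8, 8, 0x1000)
    return ehdr + ph_text + ph_data + text + bytes(8)

def make_reader(base, image):
    """Hypothetical stand-in for a kernel memory device: serves bytes of image."""
    return lambda vaddr, n: image[vaddr - base:vaddr - base + n]

LOAD_ADDR = 0xFFFFFFFF80200000           # constructed address, not a real layout
TEXT = bytes(range(64))                  # constructed "kernel text"
ELF = build_sample_elf(TEXT, LOAD_ADDR)
CLEAN = make_reader(LOAD_ADDR, TEXT)
PATCHED = make_reader(LOAD_ADDR, TEXT[:16] + b"\xcc" + TEXT[17:])  # one byte altered
```

Any legitimate run-time modification of kernel text shows up as a mismatch too, and a kernel that is already compromised can falsify what the memory device returns, so a clean result is evidence rather than proof.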