Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)




From: Andrew Sackville-West <andrew@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)

On Tue, Feb 12, 2008 at 10:11:39PM +0900, Kuniyasu Suzaki wrote:

>>From: Tzafrir Cohen <tzafrir@xxxxxxxxxxxxx>
>>Subject: Re: Release: KNOPPIX5.1.1 for Trusted Computing Geeks (v1.0)
...
>>
>>Your disk image is shipped with a kernel image that has a nice root
>>exploit (vmsplice). Yeah, I know, bad luck. What impact does it have on
>>your guarantees?
>>What impact do your guarantees have on exploitations of that hole?

Yes, TC-Geeks KNOPPIX cannot update, but it is a good example that we
need remote attestation to check vulnerability. :-)

We need to check the kernel at the bootloader stage and keep the chain
of trust.

So it sounds like you're combining this trusted boot thing with
contact with a server somewhere and the two together are supposed to
validate the system at boot time, right?

Yes. It is defined as "Platform Trust Services" by Trusted Computing Group.
https://www.trustedcomputinggroup.org/specs/IWG/IF-PTS_v1.0.pdf

How does the system behave when the authentication server is down? How do you deal
with a compromised authentication server?

The client takes a vulnerability check only. There is no action on the client.

just curious about these things...

A

Trusted Computing is a new concept and has some curious points.

------
suzaki
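
Added example, not part of the original thread or of the TC-Geeks KNOPPIX code: a sketch of the check discussed above, where boot components are measured into a TPM 1.2 style PCR and a remote verifier replays the event log and flags a kernel digest known to be vulnerable. The component blobs, the vulnerable-digest list and all function names are constructed assumptions; a real verifier would also check the TPM's signature over the quoted PCR value, which is left out here.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length used by TPM 1.2 PCRs


def measure(blob: bytes) -> bytes:
    """Measurement of a boot component: its SHA-1 digest."""
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA1(old PCR || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def replay(event_log):
    """Recompute the PCR from an ordered log of (name, digest) events."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeroes after reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify(event_log, reported_pcr, vulnerable_digests):
    """Verifier side: returns (log_consistent, names of vulnerable components).

    A log that does not replay to the reported PCR is rejected outright,
    so a client cannot hide an old kernel by editing the log alone.
    """
    if replay(event_log) != reported_pcr:
        return False, []
    flagged = [name for name, d in event_log if d in vulnerable_digests]
    return True, flagged


# Constructed sample data (assumptions, not real images or digests).
KERNEL_OLD = b"constructed kernel image carrying the vmsplice bug"
KERNEL_FIXED = b"constructed patched kernel image"
INITRD = b"constructed initrd"
VULNERABLE = {measure(KERNEL_OLD)}  # verifier's list of bad digests


def boot(kernel: bytes):
    """Client side: measure kernel then initrd, return (log, final PCR)."""
    log = [("kernel", measure(kernel)), ("initrd", measure(INITRD))]
    return log, replay(log)
```
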

