[Arm-netbook] Verifying firmware

Xavi Drudis Ferran xdrudis at tinet.cat
Thu Aug 25 08:16:40 BST 2016


El Thu, Aug 25, 2016 at 07:23:45AM +0100, Luke Kenneth Casson Leighton deia:
> 
>  'i've set up read-only rootfs on debian before, it was fun to do.
> needed it because i was booting off of CF cards.  used somebody else's
> scripts... where are they... ah ha!
> 
> https://gist.github.com/netj/1216392
>

You mean software read only, right ? (as in file system mount flags) 
That's good but we were talking hardware read only which would seem
more secure. If one has the kind of compromise that secure boot or
verified boot try to protect against, the attacker can possibly 
remount read write or something. 


 





More information about the arm-netbook mailing list