before i blogged about my laptop with encrypted root drive and the possibility of someone installing a malicious program to collect login credentials when booting the system. this guide might provide me the solution to that problem: http://www.scribd.com/doc/3499565/IndustrialStrength-Linux-Lockdown-Part-2-Executing-Only-Signed-Binaries
i only skimmed it but basically it shows how combining a signing of applications with a special kernel module allows you to enforce execution of only properly-signed apps. tie that into your /boot and initrd and it may be much more difficult to exploit the unencrypted boot partition.
No comments:
Post a Comment