Is it possible to check the running kernel signature?
Yuri
yuri at rawbw.com
Fri Apr 17 02:50:10 UTC 2015
I came across this horror story:
https://pbs.twimg.com/media/Bd7LUMYCMAAJcqJ.jpg

Three letter agencies subverted the BIOS manufacturers to produce BIOSes
that were/are able to inject the malicious code right into the FreeBSD
kernel during the final BIOS boot stage. This may well be going on with
the modern FreeBSD versions.

The idea that comes to mind is the ability to verify that the running
kernel wasn't tampered with by comparing it with its disk image copy.
Same with the kernel modules. The kernel can be verified through the memory
mmapped to the /dev/mem device.

Is this idea feasible, and would it make sense to implement it?

Yuri

More information about the freebsd-hackers mailing list
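
As an added example that is not part of the original post: the comparison the message proposes, run over a constructed ELF64 image and a simulated memory reader. `read_mem`, `compare_kernel` and the other names are hypothetical; it assumes the kernel text is loaded at its linked addresses and is not patched at run time, and it does not cover relocated kernel modules.

```python
import struct
# Added example: names, addresses and sample data below are constructed.
PT_LOAD, PF_X, PF_W = 1, 1, 2

def exec_segments(image):
    """Yield (vaddr, file_bytes) for read-only executable PT_LOAD segments
    of a little-endian ELF64 image (the on-disk kernel copy)."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (phoff,) = struct.unpack_from("<Q", image, 0x20)
    phentsize, phnum = struct.unpack_from("<HH", image, 0x36)
    for i in range(phnum):
        p_type, flags, off, vaddr, _pa, filesz, _msz, _al = struct.unpack_from(
            "<IIQQQQQQ", image, phoff + i * phentsize)
        # Writable segments legitimately change at run time; skip them.
        if p_type == PT_LOAD and flags & PF_X and not flags & PF_W:
            yield vaddr, image[off:off + filesz]

def compare_kernel(image, read_mem, chunk=16):
    """Return [(vaddr, length)] chunks where memory differs from the image.
    read_mem(vaddr, n) is a hypothetical reader, e.g. backed by /dev/mem."""
    diffs = []
    for vaddr, data in exec_segments(image):
        for pos in range(0, len(data), chunk):
            want = data[pos:pos + chunk]
            if read_mem(vaddr + pos, len(want)) != want:
                diffs.append((vaddr + pos, len(want)))
    return diffs

def make_sample():
    """Constructed ELF64 image: one R+X text segment, one R+W data segment."""
    text, data = bytes(range(48)), b"D" * 16
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0x1000, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    body = 64 + 2 * 56  # file offset where segment contents start
    ph = struct.pack("<IIQQQQQQ", PT_LOAD, 5, body, 0x1000, 0x1000, 48, 48, 16)
    ph += struct.pack("<IIQQQQQQ", PT_LOAD, 6, body + 48, 0x2000, 0x2000, 16, 16, 16)
    return ehdr + ph + text + data

def make_reader(image, patches=()):
    """Simulated memory built from the sample image, with optional byte patches."""
    mem = {0x1000: bytearray(image[176:224]), 0x2000: bytearray(image[224:240])}
    for addr, value in patches:
        base = addr & ~0xFFF
        mem[base][addr - base] = value
    def read_mem(vaddr, n):
        base = vaddr & ~0xFFF
        return bytes(mem[base][vaddr - base:vaddr - base + n])
    return read_mem
```

A mismatch reported by `compare_kernel` is only as trustworthy as the reader behind `read_mem`, since the check runs on the same machine it is inspecting.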