Loading secure binaries?
I'm working on an embedded Linux project and the issue of security is
starting to surface and it's beginning to look kind of interesting.
Are there any plans with Linux-crypto or some other project that somebody
knows of to allow the loading of secure binaries?
I was thinking of a scheme like this:
There would be a new Linux executable loader, perhaps one of the
misc binary loaders or an ELF hack; you'd want it to reside inside the
kernel though.
Then add a new system call to provide a key to the kernel. This
could be pulled down off the internet or out of a secure piece of
hardware. In some applications it could be something the user provides
at login time.
Then the new binaries would be AES/IDEA/DES encrypted with that key
and the new loader would use that key to decrypt them at load time.
Anybody know of something like this? A logical extension would be to
embed GPG into the kernel and then you could execute signed and
encrypted binaries, but that seems like overkill for what we're doing; we
just don't want a few key pieces of code to ever be decrypted anywhere
other than SDRAM.
thanks,
Ian
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/