<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Feb 17, 2015 at 10:53 PM, David Johnston <span dir="ltr"><<a href="mailto:dj@deadhat.com" target="_blank">dj@deadhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
On 2/17/15 6:28 PM, Henry Baker wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I (and most everyone else, as well) no longer care about booting from "hard" disks. Everyone boots from flash memories these days.</blockquote></span></blockquote><div><br></div><div>....... </div><div>
<br>> Flash files systems were commonplace. They are still there in the Linux source code and I assume they are used in many products.</div><div><br></div><div>The critical stage is the boot ROM (BIOS) and the boot device. </div><div>Once Linux has booted a lot is possible but too much has already taken place.</div><div>A BIOS that allows booting from a Flash memory card must be trusted.</div><div><br></div><div>Virtual machines may help or hinder.</div><div> </div><div>The VM is sitting where the man in the middle wants to be and if it wants can protect or expose</div><div>the OSs that it hosts. A VM can protect a hard drive from being infected by blocking vendor</div><div>codes that might try to update or corrupt modern disks of boot flash memory.</div><div><br></div><div>To help a company like Sony what if the VM established a VPN link to a landing zone at Sony</div><div>based on previously shared keys it could be at a solid step for establishing access to resources.</div><div>The VM can also host a user safe context so employees can access Amazon, Gmail or what ever</div><div>but not from a company resource of any kind.</div><div><br></div><div>But it all depends on the integrity of the boot process..... </div><div>As always key management and shared secret management is important.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>