cyber-"terrorism"?

John R T Brazier prunesquallor at proproco.co.uk
Wed, 18 Sep 2002 16:12:38 +0100


Ben said,
>> I think their point, and I'm inclined to agree, is that of the things
>> you say we need to be secure, the least important is the trusted boot -
>> and if I have a security kernel running, I need it even less.

But Brian responded:
> But how do you know what you have running without secure boot?

Surely Brian is correct, in the sense that security is from the inside out,
not the reverse. If you know the boot is safe (or at least not modifiable by
external sources), you can then take a view on the security of what you run
on the system presented by the boot process.

Otherwise, you're saying that POST doesn't matter, as you'll be able to
detect any problems such as duff memory after the POST. This seems unlikely
to me. POST is there to ensure system integrity, and Brian wants to see that
system integrity developed (as far as is humanly, or even physically,
possible) to the point of the OS (or kernel) load.

Of course, the boot process may load any number of bugs. But that reinforces
Brian's point: getting this right gives you a secure platform on which you
can see how good (or lousy) the OS and (then) the application software are.

TTFN

Prune
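A toy measured-boot chain, added here as an illustration and not part of the thread: each stage is hashed into a PCR-style register before the next one runs, so a verifier holding the expected final value catches a modified firmware stage, while inspecting the kernel on its own after the fact does not. Stage names and images are constructed sample values.

```python
import hashlib

# Toy model of a measured boot chain (added example, not from the thread).
# Each stage "extends" a register the way a TPM PCR does:
#   new = SHA-256(old || SHA-256(stage_image))
# so the final value depends on every stage, in order, from the root onward.

# Constructed sample stage images, not real firmware.
STAGES = [
    ("post_firmware", b"POST/firmware image v1 (constructed)"),
    ("bootloader",    b"bootloader image v1 (constructed)"),
    ("kernel",        b"kernel image v1 (constructed)"),
    ("application",   b"application image v1 (constructed)"),
]

def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    # PCR-style extend: the register only moves forward and is never set
    # directly, so an earlier measurement cannot be hidden by a later one.
    return hashlib.sha256(register + measurement).digest()

def boot_chain(stages) -> bytes:
    # Start from the fixed reset value (all zeros) and fold in each stage.
    register = bytes(32)
    for _name, image in stages:
        register = extend(register, measure(image))
    return register

def attest(stages, expected_final: bytes) -> bool:
    # Verifier compares the measured chain with the known-good final value.
    return boot_chain(stages) == expected_final

def tamper(stages, stage_name, new_image):
    return [(n, new_image if n == stage_name else img) for n, img in stages]

GOLDEN = boot_chain(STAGES)

def check_after_the_fact(stages, stage_name) -> bool:
    # Checking a later stage in isolation, with no trusted record of what ran
    # before it: passes whenever that stage's own image is unchanged.
    return measure(dict(stages)[stage_name]) == measure(dict(STAGES)[stage_name])

if __name__ == "__main__":
    bad = tamper(STAGES, "post_firmware", b"POST/firmware image, modified (constructed)")
    print("attest(bad firmware):", attest(bad, GOLDEN))                            # False
    print("kernel checked alone, bad firmware:", check_after_the_fact(bad, "kernel"))  # True
```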