I don't get why a bad guy couldn't dump the current log / hash, then load a kernel module that'd just replay the same values whenever someone asks for it?
Does the log have a challenge/nonce from the client that'd change the hash everytime it's obtained? (if the client loads their own kernel module they can check it's on the list, but the whole point is about not having to do that, right..)
No comments yet.