





















Typically, the security policy associated with such a certification says you can't use tools that would do that.
For example, the security policy for user space modules often says you can't LD_PRELOAD a process, can't attach a debugger or otherwise ptrace the certified code:
> Instrumentation tools like the `ptrace` system call, `gdb` and `strace`, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as `ftrace` or `systemtap`, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment.
As pointed out by other commenters, the certification assumes you are willingly complying. There are many ways to break things if you are actively hostile to the requirements.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。