From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LagYu-0008Jn-GL for mharc-grub-devel@gnu.org; Fri, 20 Feb 2009 20:21:48 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LagYt-0008Ji-0r for grub-devel@gnu.org; Fri, 20 Feb 2009 20:21:47 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LagYn-0008JO-E7 for grub-devel@gnu.org; Fri, 20 Feb 2009 20:21:45 -0500 Received: from [199.232.76.173] (port=57774 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LagYn-0008JL-9L for grub-devel@gnu.org; Fri, 20 Feb 2009 20:21:41 -0500 Received: from fg-out-1718.google.com ([72.14.220.155]:10935) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LagYm-000099-NT for grub-devel@gnu.org; Fri, 20 Feb 2009 20:21:41 -0500 Received: by fg-out-1718.google.com with SMTP id l27so1572676fgb.30 for ; Fri, 20 Feb 2009 17:21:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:in-reply-to :references:content-type:date:message-id:mime-version:x-mailer; bh=UO8CaLe2KVXHllCOG3LeGukCjvam8NghiPHF505OT68=; b=vl0Vmq6GDSeWob3jw81bxXuVSdhkcbnD5dj5QrGvVbuL6XqYGA+MsSGR/Zwvzva0WW IyOY7je7K8ZDSBEGjsVtxWf/ge+8edjaZFpmcNozw3eHVOghH0mghhdwvJ6+i7gusFPu Lh3vY2Nhwo0zx17StdHhItWTXJS1tuOUi01W8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:in-reply-to:references:content-type:date:message-id :mime-version:x-mailer; b=h/qzOzAQKwGJ/QhISY05kK+9h/s/WYJ++/itpEAfb9IAF+yUELPfS6vrMNocutxugL gqQ0nmn9pa2ogmP8BZkmt42yjrRMunkSlxMEr/an4lBYAe6ajrjKlQqeqZY/+eBgiXzp pY/2l2hGmbU37Bu6UiA53qK3x9rSFOZ6450A4= Received: by 10.86.92.7 with SMTP id p7mr1394779fgb.54.1235179298547; Fri, 20 Feb 2009 17:21:38 -0800 (PST) Received: from ?192.168.1.100? (213.37.137.93.dyn.user.ono.com [213.37.137.93]) by mx.google.com with ESMTPS id 4sm3030572fgg.55.2009.02.20.17.21.37 (version=SSLv3 cipher=RC4-MD5); Fri, 20 Feb 2009 17:21:38 -0800 (PST) From: Javier =?ISO-8859-1?Q?Mart=EDn?= To: The development of GRUB 2 In-Reply-To: <200902202002.12963.ml@isaac.cedarswampstudios.org> References: <499F25B0.8000202@gmail.com> <499F3FB9.9070304@gmail.com> <499F4B86.2000904@student.ethz.ch> <200902202002.12963.ml@isaac.cedarswampstudios.org> Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-ee5yPhPDNDEHq4dy3l8t" Date: Sat, 21 Feb 2009 02:21:41 +0100 Message-Id: <1235179301.27212.10.camel@localhost> Mime-Version: 1.0 X-Mailer: Evolution 2.24.3 X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Subject: Re: SHA-1 MBR X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Feb 2009 01:21:47 -0000 --=-ee5yPhPDNDEHq4dy3l8t Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable El vie, 20-02-2009 a las 20:02 -0500, Isaac Dupree escribi=C3=B3: > Jan Alsenz wrote: > > Yes, that was my point. You need a trusted first step. > > But the only thing besides a TPM, that can be used for this is the BIOS= , > > which can be flashed. > > And even, if we assume, that we can construct a BIOS that only boots if= the > > MBR hash matches and can not be flashed prior to this point, there are > > still two points missing: > > - After the system has started, the BIOS could be flashed. This is a ve= ry > > possible scenario in a multi user environment. > > - They could take out the disk and put it in another machine, tamper wi= th > > the boot code and switch it on. And all your protection is gone. > > Ok, you could try to put a needed key in the BIOS too, but then we're > > back to problem one - and the BIOS can not check if a request for the k= ey > > is valid. I'm not even sure, if something in the BIOS can be read > > protected. >=20 > BIOS could be in ROM, un-flashable, including hash/keys and all! Refuse = to=20 > boot if the hash doesn't match! Admittedly this poses some limitations o= n=20 > whether the system can be upgraded, depending how sophisticated you want = to=20 > be. This paranoid security talk is growing some big pink elephants which are being conveniently ignored: you people are trying to protect a HD within a computer that could be stolen, but you trust that the BIOS chip (in ROM and whatever you want), which performs the systems initialization (including RAM and the TPM) cannot be tampered with or even replaced. When someone pointed the key-in-RAM problem the answer was "I'll just glue it with epoxy resin"! For crying out loud! Without taking into account that most epoxy resins take weeks to solidify under 100 =C2=BAC, if the computer is physically stolen it could be subjected to EM-field analysis. What will be the next madness? Will you wrap every RAM module in tinfoil, a-la Faraday cage? Will you build a plasma shield around them? This is going way out of proportion: with non-interactive key initialization, if the computer is stolen, you are screwed period, because you have a Mallory-on-steroids-holding-Alice-ransom instead of a tame Eve. It does not take a rocket scientist (what I'm studying) nor a cryptographer (one of my hobbies) to notice! --=20 -- Lazy, Oblivious, Rational Disaster -- Habbit --=-ee5yPhPDNDEHq4dy3l8t Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAABAgAGBQJJn1cfAAoJEKSl+Fbdeo72mRcQALK2jRysD3dWEuN/blXjShro 96Noo0Wgq7vRRE2r5u7eJ+YkuVMPuC3mYigvMVkozX4+6+VomhtrybkcpPcAjuNi rJB59PmogtM/LvaCTqDs46X7LRa+9Txc3P/VDjCyPngSyY+GYal9URGgK2bwdtb8 fq/l3/qTnJyiuYhpOJrthDuAvzyaEVdACfSirh0m21trwGfX5Selddd8xeK9Qm+d BmXWFKTOgHsVyV4MKionyGuIhxw9PnDIvl4XJk5E3QARJZy9cx29lEoH2J0Je/C3 WlkncycdAHjKnY+G13GtzcqFkIM+2U5oxZ8iLVAmF9KiHkruJt7gzKwG4uyyTY+1 m/YQyO2Ts4ZMt4lB4+3YNAzluaD+2WMMW6zXBTlWuprfpEgtlF49z5KYJFYEQ5ms S74YMUYjbL61NR20D2RvbCzkIbUIVBb6e4KU5I6BCVnZ3w700+Gf1/G1uTDORzBw BxRAd0sm1d4Yp5UJdStBzhMLn68wGqLmqCzboBjH2rVP0J23k7o9lKovM2v6rhYu QBhiQ5eTBUiUcMbK37cWkX2za4YqEqeFuFGQnCga95pRDvIPhwHSHMRkc1m5R6sM 8g2ZyumoSEveIzZbdkRKP37QjjSCZO/QT8HMCUYEIIJkoUvy1e8dL22LYVI0n4iq Rmym4vIvSoOdTQsnmOy+ =Vi7u -----END PGP SIGNATURE----- --=-ee5yPhPDNDEHq4dy3l8t--