From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1KbKfM-000711-9N for mharc-grub-devel@gnu.org; Thu, 04 Sep 2008 15:38:52 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KbKfK-00070k-BF for grub-devel@gnu.org; Thu, 04 Sep 2008 15:38:50 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KbKfI-00070M-WF for grub-devel@gnu.org; Thu, 04 Sep 2008 15:38:49 -0400 Received: from [199.232.76.173] (port=55747 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KbKfI-00070G-Py for grub-devel@gnu.org; Thu, 04 Sep 2008 15:38:48 -0400 Received: from aybabtu.com ([69.60.117.155]:39813) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1KbKfI-0004nC-B0 for grub-devel@gnu.org; Thu, 04 Sep 2008 15:38:48 -0400 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1KbKUu-0008Fe-7h for grub-devel@gnu.org; Thu, 04 Sep 2008 21:28:05 +0200 Received: from rmh by thorin with local (Exim 4.63) (envelope-from ) id 1KbKdm-0002ZO-Dh for grub-devel@gnu.org; Thu, 04 Sep 2008 21:37:14 +0200 Date: Thu, 4 Sep 2008 21:37:14 +0200 From: Robert Millan To: The development of GRUB 2 Message-ID: <20080904193714.GE9133@thorin> References: <48BE5DE9.4090302@gmail.com> <20080903103654.GC29762@thorin> <48BE838E.9090204@gmail.com> <48BEC078.7030006@nic.fi> <48BEC6AD.5040305@gmail.com> <48BECE1A.1070406@nic.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <48BECE1A.1070406@nic.fi> Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.13 (2006-08-11) X-detected-kernel: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Re: [RFC] Boot parameters and geometrical stability X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Sep 2008 19:38:50 -0000 On Wed, Sep 03, 2008 at 08:49:14PM +0300, Vesa Jääskeläinen wrote: > > Possibilites are there, but basically they are limited to something like: > > (ata0) (pci-X-Y-Z:ata0) (usb-X-Y:scsi0) (pci-X-Y-Z:scsi0) I think this is overkill, and doesn't really address the root of the problem. The real security problem here is whether the executable code you're loading is trusted, NOT where you load the code from. When you use crypto checksums, if you get a match why would you care if you're loading from (some-safe-disk) or from (evil-place)? It's the same data! -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."