From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LasYK-00035u-I6 for mharc-grub-devel@gnu.org; Sat, 21 Feb 2009 09:10:01 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LasYB-00032C-LC for grub-devel@gnu.org; Sat, 21 Feb 2009 09:09:52 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LasY7-000318-W3 for grub-devel@gnu.org; Sat, 21 Feb 2009 09:09:49 -0500 Received: from [199.232.76.173] (port=40813 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LasY7-00030g-8Y for grub-devel@gnu.org; Sat, 21 Feb 2009 09:09:47 -0500 Received: from aybabtu.com ([69.60.117.155]:48066) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LasY6-0003RP-S4 for grub-devel@gnu.org; Sat, 21 Feb 2009 09:09:47 -0500 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1LasRa-00076N-TV for grub-devel@gnu.org; Sat, 21 Feb 2009 15:03:03 +0100 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1LasY4-0004Ip-Er for grub-devel@gnu.org; Sat, 21 Feb 2009 15:09:44 +0100 Date: Sat, 21 Feb 2009 15:09:44 +0100 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090221140944.GO16068@thorin> References: <499F2AC9.5050000@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <499F2AC9.5050000@gmail.com> Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Re: Design: first sector of core.img X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Feb 2009 14:09:54 -0000 On Fri, Feb 20, 2009 at 11:12:25PM +0100, phcoder wrote: > Hello. For SHA-1 verified boot first sector needs to check the rest of > core.img. It will need heavy modifications. On the same time I would > like to avoid changes to current boot process so that both alternatives > are available (SHA-1 and plain boot). In the same time even in current > design the first sector plays a special role. So I propose first sector > to be moved to a separate file and then at install time grub-mkimage or > grub-setup can take care of choosing right one depending on options > supplied by user (plain or SHA-1 boot) Have you looked at how the boot process works when using coreboot/GRUB ? By getting rid of the legacy stuff, things get much more flexible. Check the grub.cfg example in: http://grub.enbug.org/CoreBoot to see what I mean. Most pieces are there already. When we merge crypto support, it'll be possible for GRUB-in-chip to verify GRUB-in-disk. Then the chip becomes your root of trust, which is what you're pursuing, if I understood correctly. But if I was serious about security, I wouldn't make a BIOS blob my root of trust, GRUB is a much better option ;-) -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."