From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LdC5w-0003PG-3e for mharc-grub-devel@gnu.org; Fri, 27 Feb 2009 18:26:16 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LdC5t-0003OM-7o for grub-devel@gnu.org; Fri, 27 Feb 2009 18:26:13 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LdC5q-0003OA-St for grub-devel@gnu.org; Fri, 27 Feb 2009 18:26:11 -0500 Received: from [199.232.76.173] (port=37929 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LdC5q-0003O7-OP for grub-devel@gnu.org; Fri, 27 Feb 2009 18:26:10 -0500 Received: from aybabtu.com ([69.60.117.155]:39762) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LdC5q-0005dR-FP for grub-devel@gnu.org; Fri, 27 Feb 2009 18:26:10 -0500 Received: from [192.168.10.10] (helo=thorin) by aybabtu.com with esmtp (Exim 4.69) (envelope-from ) id 1LdByh-0007AE-U0 for grub-devel@gnu.org; Sat, 28 Feb 2009 00:18:48 +0100 Received: from rmh by thorin with local (Exim 4.69) (envelope-from ) id 1LdC5n-0007jc-EB for grub-devel@gnu.org; Sat, 28 Feb 2009 00:26:07 +0100 Date: Sat, 28 Feb 2009 00:26:07 +0100 From: Robert Millan To: The development of GRUB 2 Message-ID: <20090227232607.GA29722@thorin> References: <49A152BD.6010907@student.ethz.ch> <20090227204226.GI31629@thorin> <49A861A0.2000601@student.ethz.ch> <20090227222230.GA7907@thorin> <49A86F7B.8030201@gmail.com> <49A872D1.5010608@student.ethz.ch> <49A874B9.8030403@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <49A874B9.8030403@gmail.com> Organization: free as in freedom X-Message-Flag: Worried about Outlook viruses? Switch to Thunderbird! www.mozilla.com/thunderbird X-Debbugs-No-Ack: true User-Agent: Mutt/1.5.18 (2008-05-17) X-detected-operating-system: by monty-python.gnu.org: Genre and OS details not recognized. Subject: Re: GRUB hardened boot framework X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2009 23:26:13 -0000 On Sat, Feb 28, 2009 at 12:18:17AM +0100, phcoder wrote: >> If the code that does the authentication is loaded from the encrypted partition, >> without being checked, this is true, but we assume, that core.img is already >> loaded (and checked), so the authentication code is not on the encrypted >> partition, and can detect any tampering. > As far as I understood Robert Millan was suggesting that just encrypting > (but not verifying) your kernel is enough. I wanted to show wha it isn't Fair enough. My point is that we don't need overcomplicated mechanisms to measure every module, config file or component separately. After core.img is verified/loaded, it's much simpler to handle the rest at this layer below the filesystem, which doesn't require significant redesign of how GRUB works. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all."