From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1dLJu5-0008Vo-47
	for mharc-grub-devel@gnu.org; Wed, 14 Jun 2017 21:48:57 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59670)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prvs=03396d0097=mjg59@cavan.codon.org.uk>)
	id 1dLJu3-0008Vg-8A
	for grub-devel@gnu.org; Wed, 14 Jun 2017 21:48:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <prvs=03396d0097=mjg59@cavan.codon.org.uk>)
	id 1dLJty-0007uw-Uh
	for grub-devel@gnu.org; Wed, 14 Jun 2017 21:48:55 -0400
Received: from cavan.codon.org.uk ([93.93.128.6]:37998)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71)
	(envelope-from <prvs=03396d0097=mjg59@cavan.codon.org.uk>)
	id 1dLJty-0007pa-L9
	for grub-devel@gnu.org; Wed, 14 Jun 2017 21:48:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=codon.org.uk;
	s=63138784; 
	h=In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
	bh=4qZX1RtS02WKUY0+kACWqBvz4R7RfQt/N7JEd1VpQuM=; 
	b=rBNdaNJ8B8m4K6kef7BPoISyrCIH8h5ivik9Y+vlZz+SRgpwOnBhpCuZJnrU4he6E7nDgpljkqRKjbPANCoXSBenwaHHeKw3/43xjNHgWSwumCYMZzXqyizxxOLyWuSeuCYBb81MxSMypr9hFYTejrV0IM6fiQbHs8zeKI6Cqac=;
Received: from mjg59 by cavan.codon.org.uk with local (Exim 4.84_2)
	(envelope-from <mjg59@cavan.codon.org.uk>) id 1dLJtp-0007F2-9q
	for grub-devel@gnu.org; Thu, 15 Jun 2017 02:48:41 +0100
Date: Thu, 15 Jun 2017 02:48:41 +0100
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: [PATCH 1/3] Move verifiers to the kernel
Message-ID: <20170615014841.GA26702@srcf.ucam.org>
References: <20170615004245.127430-1-mjg59@google.com>
	<20170615004245.127430-2-mjg59@google.com>
	<CAEaD8JP2OnTp+goQMOkw=H0ya-wKTdnbhNbGvkeoAP-htchWEA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAEaD8JP2OnTp+goQMOkw=H0ya-wKTdnbhNbGvkeoAP-htchWEA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: mjg59@cavan.codon.org.uk
X-SA-Exim-Scanned: No (on cavan.codon.org.uk); SAEximRunCond expanded to false
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 93.93.128.6
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel/>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jun 2017 01:48:56 -0000

On Wed, Jun 14, 2017 at 06:34:38PM -0700, Vladimir 'phcoder' Serbinenko wrote:

> This bid at odds with the need to keep kernel small. Why not just put
> verifiers as the first module to load? Presumably you need to verify the
> whole core in either case.

They're not useful as an external module, so they need to be built into 
the core image in any case (otherwise an attacker just replaces the 
verifier module…). And if you're making the ordering significant, 
it's far too easy for someone to mess up and end up with an insecure 
system as a result.

-- 
Matthew Garrett | mjg59@srcf.ucam.org