Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Isaac Dupree <id@isaac.cedarswampstudios.org>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading)
Date: Sun, 03 Aug 2008 07:09:51 -0400	[thread overview]
Message-ID: <489591FF.3070601@isaac.cedarswampstudios.org> (raw)
In-Reply-To: <20080727183737.GB16393@thorin>

Robert Millan wrote:
> Perhaps we are over-engineering a bit here.  In the long run, maybe it makes
> more sense to always use UUIDs and drop the make_install_device() complexity.

>> I'm also concerned that UUID may not be unique.  For instance, a disk
>> was cloned, and a filesystem of the clone was modified without changing
>> the UUID.
> 
> I think in the long term the solution to that is that cloning software
> becomes UUID-aware and picks the right option between generating or copying
> the UUIDs (of course, the right option could just be what the user says!
> but this is outside of our scope ;-)).

Is using UUIDs alone resilient 
against this situation:
An attacker finds out the 
UUIDs on your hard-disk.  S/he 
makes a USB drive or CD (that 
preferably looks innocuous 
when plugged into a running 
system), but has a UUID on it 
equal to that of the GRUB boot 
partition (which might not be 
mounted on a running system). 
  Anyway, when the system 
(core.img) boots, can it tell 
the difference well enough to 
prefer the GRUB that's on the 
disk that it was originally 
installed to?  (Equally well, 
you could have a GRUB core.img 
and /boot on a CD or 
unwriteable USB drive that 
you're trying to boot when you 
don't entirely trust the 
computer's hard disk.) 
Furthermore, perhaps all the 
modules that the attacker 
provided are the same as the 
genuine ones; only grub.cfg 
differs... only the most 
paranoid of us would try to 
put a hash in core.img that 
complains whenever grub.cfg 
has changed from the original 
state?

To try to answer my own 
questions: If it's BIOS-based 
and a same-drive install (and 
if we trust the BIOS, and it's 
not too buggy...), and the 
BIOS has started booting from 
our drive, then we should be 
able to check the same drive 
first?  But if we don't 
understand anything about how 
the boot-process selected us 
to boot, or if it's a 
cross-drive install, then 
there's no way for us to tell 
the difference between "our 
disk" and a malicious 
duplication of the disk with a 
few modifications?  Maybe by 
interface type (e.g. we 
expected it to be on an ATA 
not a USB drive)??

I'm sure I might be way off 
track, but I worry about the 
predictability of my bootloader..

-Isaac

next prev parent reply	other threads:[~2008-08-03 11:10 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-07-22 13:34 Issue with boot != root and chainloading Andy Kittner
2008-07-22 13:50 ` Pavel Roskin
2008-07-22 14:01   ` Felix Zielcke
2008-07-22 23:58     ` Pavel Roskin
2008-07-24  9:12     ` Felix Zielcke
2008-07-24 10:25       ` Felix Zielcke
2008-07-24 11:00     ` Felix Zielcke
2008-07-24 16:49       ` Pavel Roskin
2008-07-25 21:08         ` Robert Millan
2008-07-25 21:47           ` Pavel Roskin
2008-07-25 22:10             ` [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading) Robert Millan
2008-07-26  1:08               ` Pavel Roskin
2008-07-27 12:19                 ` Robert Millan
2008-07-27 16:29                   ` Pavel Roskin
2008-07-27 18:37                     ` Robert Millan
2008-07-27 19:28                       ` UUID boot on ieee1275 (Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading)) Robert Millan
2008-07-27 20:13                         ` [PATCH] " Robert Millan
2008-07-27 20:36                           ` Robert Millan
2008-07-30 10:41                             ` Robert Millan
2008-08-03 11:09                       ` Isaac Dupree [this message]
2008-08-03 12:08                         ` [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading) Robert Millan
2008-08-03 12:23                           ` Robert Millan
2008-08-03 17:04                           ` Isaac Dupree
2008-08-03 19:19                             ` Treacherous Computing (Re: [PATCH] use UUIDs for cross-disk installs) Robert Millan
2008-07-27 18:27               ` [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading) Robert Millan
2008-07-30 10:43                 ` Robert Millan
2008-07-22 15:09   ` Issue with boot != root and chainloading Andy Kittner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=489591FF.3070601@isaac.cedarswampstudios.org \
    --to=id@isaac.cedarswampstudios.org \
    --cc=grub-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.