From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1KavZS-0007g1-86 for mharc-grub-devel@gnu.org; Wed, 03 Sep 2008 12:51:06 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KavZQ-0007fc-Me for grub-devel@gnu.org; Wed, 03 Sep 2008 12:51:04 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KavZO-0007fK-W9 for grub-devel@gnu.org; Wed, 03 Sep 2008 12:51:04 -0400 Received: from [199.232.76.173] (port=33311 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KavZO-0007fH-Qd for grub-devel@gnu.org; Wed, 03 Sep 2008 12:51:02 -0400 Received: from mta-out.inet.fi ([195.156.147.13]:43106 helo=jenni1.inet.fi) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1KavZO-0001Rs-7s for grub-devel@gnu.org; Wed, 03 Sep 2008 12:51:02 -0400 Received: from [127.0.0.1] (88.193.32.97) by jenni1.inet.fi (8.5.014) id 488F153401A79E5F for grub-devel@gnu.org; Wed, 3 Sep 2008 19:51:01 +0300 Message-ID: <48BEC078.7030006@nic.fi> Date: Wed, 03 Sep 2008 19:51:04 +0300 From: =?ISO-8859-1?Q?Vesa_J=E4=E4skel=E4inen?= User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: The development of GRUB 2 References: <48BE5DE9.4090302@gmail.com> <20080903103654.GC29762@thorin> <48BE838E.9090204@gmail.com> In-Reply-To: <48BE838E.9090204@gmail.com> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-detected-kernel: by monty-python.gnu.org: Linux 2.6 (newer, 3) Subject: Re: [RFC] Boot parameters and geometrical stability X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Sep 2008 16:51:04 -0000 phcoder wrote: > I was thinking about the scenario when ide drives are trusted but not > USB or removable devices. Cryptographic checksums wouldn't bring much > because if attacker can modify harddrive he can also modify GRUB to skip > checksum check. Then you password protect it :) Once that is supported. But really, if attacker has access to your HDD then there is not a really reason why we should do defense against that one as they can overwrite us at will.