From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <48BEC6AD.5040305@gmail.com>
Date: Wed, 03 Sep 2008 19:17:33 +0200
From: phcoder
To: The development of GRUB 2
References: <48BE5DE9.4090302@gmail.com> <20080903103654.GC29762@thorin> <48BE838E.9090204@gmail.com> <48BEC078.7030006@nic.fi>
In-Reply-To: <48BEC078.7030006@nic.fi>
Subject: Re: [RFC] Boot parameters and geometrical stability
List-Id: The development of GRUB 2

Vesa Jääskeläinen wrote:
> phcoder wrote:
>> I was thinking about the scenario when ide drives are trusted but not
>> USB or removable devices. Cryptographic checksums wouldn't bring much
>> because if attacker can modify harddrive he can also modify GRUB to skip
>> checksum check.
>
> Then you password protect it :) Once that is supported.
>
> But really, if attacker has access to your HDD then there is not a
> really reason why we should do defense against that one as they can
> overwrite us at will.

But consider a scenario when attacker can't overwrite the existing
harddrive but can plug new one. Then the attacker can prepare a
harddrive having a partition with the same UUID as our boot partition.
Then he plugs it and depending on factors like order of interfaces,
devices, phase of the moon, ... GRUB can load attacker's modules. While
it's ok to use UUID on personal desktop system when attacker can't plug
his devices it shouldn't be the default.

Vladimir 'phcoder' Serbinenko
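
The UUID ambiguity described in the message above can be checked for from a running system. The following is an added example, not part of the original message and not GRUB code: it parses output in the format of `lsblk -P -o NAME,UUID,RM`, reports filesystem UUIDs present on more than one device, and contrasts a simplified first-match lookup with one that fails closed. The device names, UUIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `lsblk -P -o NAME,UUID,RM`.
# sdb1 is a removable device carrying the same filesystem UUID as sda1.
SAMPLE = '''\
NAME="sda" UUID="" RM="0"
NAME="sda1" UUID="3f2a9c1e-7b4d-4e0a-9c55-1d2e3f4a5b6c" RM="0"
NAME="sda2" UUID="a1b2c3d4-0000-4000-8000-123456789abc" RM="0"
NAME="sdb" UUID="" RM="1"
NAME="sdb1" UUID="3f2a9c1e-7b4d-4e0a-9c55-1d2e3f4a5b6c" RM="1"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_lsblk_pairs(text):
    """Turn each KEY="value" line into a dict; skip blank lines."""
    return [dict(PAIR.findall(line)) for line in text.splitlines() if line.strip()]

def duplicate_uuids(devices):
    """Map each UUID seen on more than one device to the device names."""
    by_uuid = defaultdict(list)
    for dev in devices:
        if dev.get("UUID"):
            by_uuid[dev["UUID"]].append(dev["NAME"])
    return {u: names for u, names in by_uuid.items() if len(names) > 1}

def resolve_first_match(devices, uuid):
    """Simplified model (an assumption, not GRUB's search code):
    the first enumerated device with this UUID wins."""
    for dev in devices:
        if dev.get("UUID") == uuid:
            return dev["NAME"]
    return None

def resolve_strict(devices, uuid):
    """Fail closed: accept only a unique match on a non-removable device."""
    hits = [d for d in devices if d.get("UUID") == uuid]
    if len(hits) != 1 or hits[0].get("RM") != "0":
        raise LookupError(f"UUID {uuid}: {len(hits)} candidate(s), refusing to pick")
    return hits[0]["NAME"]

if __name__ == "__main__":
    devs = parse_lsblk_pairs(SAMPLE)
    for uuid, names in duplicate_uuids(devs).items():
        print(f"duplicate UUID {uuid} on: {', '.join(names)}")
```

Reversing the device list before calling `resolve_first_match` changes which partition is returned for the duplicated UUID, which is the order dependence the message describes; `resolve_strict` raises instead of choosing.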