From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <49A0014E.6070002@gmail.com>
Date: Sat, 21 Feb 2009 14:27:42 +0100
From: phcoder
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
To: The development of GRUB 2
References: <499F25B0.8000202@gmail.com> <499F376C.60906@student.ethz.ch> <499F3FB9.9070304@gmail.com> <499F4B86.2000904@student.ethz.ch> <499FC1BC.1050007@student.ethz.ch>
In-Reply-To: <499FC1BC.1050007@student.ethz.ch>
Subject: Re: SHA-1 MBR

I consider the way memory is protected or how the integrity of the MBR is
ensured out of scope for grub2. It simply can do nothing against it. So my
goal is just making the verification chain secure. Then I hope that someone
more knowledgeable in chipsets will find a way to build a secure system on
top of it. I do only as much as I can and never claim to achieve something
which is theoretically impossible.

Regards
Vladimir 'phcoder' Serbinenko

Jan Alsenz wrote:
>>>> If not, who checks the MBR?
>>> This can't be done by grub because it happens before any part of grub is
>>> loaded. To verify grub you need to rely on vendor/platform-specific
>>> mechanisms.
>>> I personally find "tpm without tpm" more attractive because it can be
>>> easily reused on another platform or any alternative to tpm (perhaps
>>> anybody here or coreboot folks will come up with something).
>>> Additionally it works around many BIOS and TPM bugs.
>>> I will continue working on sha-1 boot. My goal is to load core.img
>>> checked. After that point there is much more space and any signature
>>> based solution can be used.
>> Yes, that was my point. You need a trusted first step.
>> But the only thing besides a TPM that can be used for this is the BIOS, which
>> can be flashed.
>> And even if we assume that we can construct a BIOS that only boots if the MBR
>> hash matches and can not be flashed prior to this point, there are still two
>> points missing:
>> - After the system has started, the BIOS could be flashed. This is a very
>> possible scenario in a multi-user environment.
> Ok, I revoke that statement!
>
> This is most likely equivalent to being able to just read out the disk
> encryption keys from memory, which we considered out of scope.
>
> So if you can get the BIOS right, this might actually work for our scenario!
>
> Greets,
>
> Jan
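The hash-verified chain the thread describes (the MBR-resident stage checks core.img by SHA-1 before handing over, core.img then checks the next stage), modelled as an added example; this is not GRUB code, and the image layout, where each stage ends with the hex SHA-1 of the stage it loads next, is a constructed assumption. It also shows the limit both posters point at: the root stage is checked by nothing in the chain.

```python
import hashlib


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def make_stage(payload: bytes, next_hash: str) -> bytes:
    # Constructed layout: payload followed by the 40-char hex SHA-1 of the next stage.
    return payload + next_hash.encode("ascii")


def expected_next_hash(stage: bytes) -> str:
    return stage[-40:].decode("ascii")


def verify_chain(mbr: bytes, stages: list) -> list:
    """Walk the chain from the MBR; return the names of stages that matched the
    hash embedded in their loader, or raise on the first mismatch.
    The MBR itself is never checked here: trusting it is the BIOS/TPM's job."""
    loader, verified = mbr, []
    for name, image in stages:
        if sha1_hex(image) != expected_next_hash(loader):
            raise ValueError(f"{name}: SHA-1 mismatch, refusing to load")
        verified.append(name)
        loader = image
    return verified


# Constructed stand-in images, built so each stage embeds the hash of the next.
KERNEL = b"kernel: constructed payload"
CORE = make_stage(b"core.img: constructed payload ", sha1_hex(KERNEL))
MBR = make_stage(b"boot.img: constructed payload ", sha1_hex(CORE))


def boot_intact() -> list:
    return verify_chain(MBR, [("core.img", CORE), ("kernel", KERNEL)])


def modified_core_is_refused() -> bool:
    # A single changed byte in core.img is caught by the MBR-embedded hash.
    try:
        verify_chain(MBR, [("core.img", CORE + b"x"), ("kernel", KERNEL)])
        return False
    except ValueError:
        return True


def unverified_root_passes() -> list:
    # Nothing in the chain checks the MBR, so a different MBR that embeds the hash
    # of a different core.img is accepted by every hop: the "trusted first step" gap.
    other_core = make_stage(b"core.img: other payload ", sha1_hex(KERNEL))
    other_mbr = make_stage(b"boot.img: other payload ", sha1_hex(other_core))
    return verify_chain(other_mbr, [("core.img", other_core), ("kernel", KERNEL)])
```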