From: phcoder <phcoder@gmail.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: GRUB trusted boot framework
Date: Sun, 22 Feb 2009 14:56:18 +0100 [thread overview]
Message-ID: <49A15982.4000001@gmail.com> (raw)
In-Reply-To: <49A152BD.6010907@student.ethz.ch>
> - hooks for any disk read (not sure if write is necessary)
This way how trusted grub does it is an ad-hoc solution which results in
a MESS. They just try to hash and rehash everything without design. So
if grub is instructed to load all modules in a directory and filesystem
is reindexed then grub will load the same modules in a different order
which results in a different hash. IMO we can't allow such thing to come
to grub2 it's just against its basic design principles. Much better
would be a layer similar to gzio:
grub_gnupg_open (const char *filename, int flags, struct grub_gnupg_info
*info);
Which internally checks the certificate. This layer can also
encrypt/decrypt from gnupg containers
Then all kernel and config loads would use this function instead of
grub_gzio_open and grub_gnupg_open would check if its contents is
gzipped. Flags can include:
GRUB_GNUPG_FLAGS_ALLOW_UNSIGNED
if signature can be checked later on (e.g. signed ELF)
Then the behavior is controlled by an environment variable
allow_unsigned=yes|no
If grub_gnupg_open is invoked without GRUB_GNUPG_FLAGS_ALLOW_UNSIGNED
and allow_unsigned=no and signature is broken or not present it should
prompt for password (if it isn't supplied yet) and write something like
File %s is unsigned. Are you sure you want to load it? Type "YES" if you do.
Regards
Vladimir 'phcoder' Serbinenko
next prev parent reply other threads:[~2009-02-22 13:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-22 13:27 GRUB trusted boot framework Jan Alsenz
2009-02-22 13:56 ` phcoder [this message]
2009-02-22 15:12 ` Jan Alsenz
2009-02-22 15:42 ` phcoder
2009-02-22 16:48 ` Jan Alsenz
2009-02-22 17:15 ` phcoder
2009-02-22 16:07 ` Vesa Jääskeläinen
2009-02-22 18:31 ` Jan Alsenz
2009-02-22 18:45 ` Vesa Jääskeläinen
2009-02-22 19:16 ` Jan Alsenz
2009-02-22 21:16 ` phcoder
2009-02-22 23:04 ` Jan Alsenz
2009-02-22 23:55 ` phcoder
2009-02-23 7:51 ` Jan Alsenz
2009-02-27 20:42 ` Robert Millan
2009-02-27 21:56 ` GRUB hardened " Jan Alsenz
2009-02-27 22:15 ` phcoder
2009-02-27 22:22 ` Robert Millan
2009-02-27 22:55 ` phcoder
2009-02-27 23:08 ` Robert Millan
2009-02-27 23:16 ` phcoder
2009-02-27 23:10 ` Jan Alsenz
2009-02-27 23:18 ` phcoder
2009-02-27 23:26 ` Robert Millan
2009-02-28 0:07 ` Jan Alsenz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49A15982.4000001@gmail.com \
--to=phcoder@gmail.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.