Message-ID: <49A16B5E.2020701@student.ethz.ch>
Date: Sun, 22 Feb 2009 16:12:30 +0100
From: Jan Alsenz
To: The development of GRUB 2
Subject: Re: GRUB trusted boot framework
In-Reply-To: <49A15982.4000001@gmail.com>

phcoder wrote:
>> - hooks for any disk read (not sure if write is necessary)
> This way how trusted grub does it is an ad-hoc solution which results in
> a MESS. They just try to hash and rehash everything without design. So
> if grub is instructed to load all modules in a directory and filesystem
> is reindexed then grub will load the same modules in a different order
> which results in a different hash. IMO we can't allow such thing to come
> to grub2 it's just against its basic design principles. Much better
> would be a layer similar to gzio:
>
> grub_gnupg_open (const char *filename, int flags, struct grub_gnupg_info *info);
> Which internally checks the certificate. This layer can also
> encrypt/decrypt from gnupg containers
> Then all kernel and config loads would use this function instead of
> grub_gzio_open and grub_gnupg_open would check if its contents is
> gzipped. Flags can include:
> GRUB_GNUPG_FLAGS_ALLOW_UNSIGNED
> if signature can be checked later on (e.g. signed ELF)
> Then the behavior is controlled by an environment variable
> allow_unsigned=yes|no
> If grub_gnupg_open is invoked without GRUB_GNUPG_FLAGS_ALLOW_UNSIGNED
> and allow_unsigned=no and signature is broken or not present it should
> prompt for password (if it isn't supplied yet) and write something like
> File %s is unsigned. Are you sure you want to load it? Type "YES" if you
> do.

Ok, but you're already talking of a specific solution here.
My conclusion would be: The hooks need to be able to determine the filename that is currently read.

The reason why I want generic read hooks is that I want it to interoperate with everything else.
So I should not need to figure out what files e.g. the linux loader is going to read, or change its code to do so.

Greets,

Jan
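
The two points raised in this message, modelled side by side: a running hash over every read changes when the same modules load in a different order, while a read hook that is told the filename can check each file on its own. This is an added example, not code from the thread or from GRUB; the TPM 1.2 style extend rule, the module names and contents, the hook name, and the digest table standing in for a signature check are all assumptions.

```python
import hashlib

# Constructed sample data: three module images, not real GRUB modules.
MODULES = {
    "ext2.mod": b"constructed ext2 module image",
    "linux.mod": b"constructed linux loader image",
    "gzio.mod": b"constructed gzio module image",
}

def extend(register: bytes, data: bytes) -> bytes:
    """TPM 1.2 style extend (assumed model): new = SHA1(old || SHA1(data))."""
    return hashlib.sha1(register + hashlib.sha1(data).digest()).digest()

def measure_chain(load_order, files=MODULES) -> str:
    """Hash every read into one running register, in load order."""
    register = bytes(20)
    for name in load_order:
        register = extend(register, files[name])
    return register.hex()

# Per-file reference digests. Stand-in for the signature check that a
# grub_gnupg_open-like layer would perform; no real GnuPG is involved.
TRUSTED = {n: hashlib.sha256(d).hexdigest() for n, d in MODULES.items()}

def filename_aware_hook(name: str, data: bytes) -> bool:
    """Hypothetical read hook that knows which file is being read."""
    return TRUSTED.get(name) == hashlib.sha256(data).hexdigest()

def verify_all(load_order, files=MODULES) -> bool:
    """Order-independent: each file is judged against its own reference."""
    return all(filename_aware_hook(n, files[n]) for n in load_order)

if __name__ == "__main__":
    before = ["ext2.mod", "gzio.mod", "linux.mod"]
    after = ["linux.mod", "ext2.mod", "gzio.mod"]  # same files, reindexed
    print("chained hash equal:", measure_chain(before) == measure_chain(after))
    print("per-file check:", verify_all(before), verify_all(after))
    tampered = {**MODULES, "linux.mod": b"modified image"}
    print("tampered per-file check:", verify_all(after, tampered))
```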