Message-ID: <49A1727D.9070400@gmail.com>
Date: Sun, 22 Feb 2009 16:42:53 +0100
From: phcoder
To: The development of GRUB 2
In-Reply-To: <49A16B5E.2020701@student.ethz.ch>
Subject: Re: GRUB trusted boot framework

> Ok, but you're already talking of a specific solution here. My conclusion would
> be: The hooks need to be able to determine the filename that is currently read.
> And then also where it comes from, but some files may have different filenames.

IMO the solution works independently of the order of files and where they come from. TPM checking is too limited for grub2 architecture.

> The reason why I want generic read hooks is that I want it to interoperate
> with everything else. So I should not need to figure out what files e.g. the
> linux loader is going to read, or change its code to do so.

You can do anything secure without collaboration from upper layers. Consider a huge loopback image from which you load only the kernel. In your solution it will unnecessarily check the whole image.

> Greets,
>
> Jan

Regards
Vladimir 'phcoder' Serbinenko
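A small model of the loopback cost argument in the message above, added here as an example and not code from the thread or from GRUB: a file-level read hook measures every file it sees whole, so loading a kernel from inside a loopback image measures the entire image, while a loader that names the object itself measures only the kernel. The GRUB-style paths, the image layout and the measurement log are constructed for the demonstration.

```python
import hashlib

# Constructed sample data (not a real image): a 1 MiB loopback image with a
# small "kernel" payload stored at a fixed offset inside it.
IMAGE_SIZE = 1 << 20
KERNEL_OFFSET = 4096
KERNEL = b"\x7fELF constructed kernel payload\n" * 8
IMAGE = bytes(IMAGE_SIZE)  # all zeros
IMAGE = IMAGE[:KERNEL_OFFSET] + KERNEL + IMAGE[KERNEL_OFFSET + len(KERNEL):]


class MeasurementLog:
    """Stand-in for a TPM-style event log: one (name, sha256, size) per object."""

    def __init__(self):
        self.entries = []

    def measure(self, name, data):
        self.entries.append((name, hashlib.sha256(data).hexdigest(), len(data)))

    def bytes_hashed(self):
        return sum(size for _, _, size in self.entries)


def read_file_with_hook(log, path, data):
    """Generic read hook: whatever file the VFS opens is hashed whole,
    because the hook cannot know which parts the caller will use."""
    log.measure(path, data)
    return data


def boot_with_generic_hook():
    """Kernel loaded from inside a loopback image; both files pass the hook."""
    log = MeasurementLog()
    image = read_file_with_hook(log, "(hd0,1)/big.img", IMAGE)  # whole image hashed
    read_file_with_hook(log, "(loop0)/vmlinuz",
                        image[KERNEL_OFFSET:KERNEL_OFFSET + len(KERNEL)])
    return log


def boot_with_loader_cooperation():
    """The loader itself tells the framework which object matters."""
    log = MeasurementLog()
    kernel = IMAGE[KERNEL_OFFSET:KERNEL_OFFSET + len(KERNEL)]  # loopback not measured
    log.measure("(loop0)/vmlinuz", kernel)
    return log


if __name__ == "__main__":
    for name, log in (("generic hook", boot_with_generic_hook()),
                      ("loader cooperation", boot_with_loader_cooperation())):
        print(f"{name}: {len(log.entries)} entries, {log.bytes_hashed()} bytes hashed")
```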