From: Jan Alsenz
To: The development of GRUB 2 <grub-devel@gnu.org>
Date: Sun, 22 Feb 2009 17:48:17 +0100
Message-ID: <49A181D1.7080707@student.ethz.ch>
In-Reply-To: <49A1727D.9070400@gmail.com>
Subject: Re: GRUB trusted boot framework

phcoder wrote:
>> Ok, but you're already talking of a specific solution here. My conclusion
>> would be: The hooks need to be able to determine the filename that is
>> currently read.
>>
> And then also where it comes from, but some files may have different
> filenames. IMO the solution should work independently of the order of files
> and where they come from. TPM checking is too limited for grub2 architecture.

I agree, and I'm not talking TPM here.
Do you know if it is possible to determine where the files come from?

>> The reason why I want generic read hooks is that I want it to interoperate
>> with everything else. So I should not need to figure out what files e.g. the
>> linux loader is going to read, or change its code to do so.
> You can do anything secure without collaboration from upper layers.
> Consider a huge loopback image from which you load only the kernel. In your
> solution it will unnecessarily check the whole image.

Hmm, to be precise we're interested in file reads. So if the loopback image is
implemented as a disk driver, it should work.

Greets,

Jan