From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1LbJLE-0006Y8-Lw for mharc-grub-devel@gnu.org; Sun, 22 Feb 2009 13:46:16 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LbJLC-0006XG-AY for grub-devel@gnu.org; Sun, 22 Feb 2009 13:46:14 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LbJL9-0006Wo-T7 for grub-devel@gnu.org; Sun, 22 Feb 2009 13:46:13 -0500 Received: from [199.232.76.173] (port=37542 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LbJL9-0006Wl-Mq for grub-devel@gnu.org; Sun, 22 Feb 2009 13:46:11 -0500 Received: from mta-out.inet.fi ([195.156.147.13]:34205 helo=jenni2.inet.fi) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1LbJL9-0000r7-3Q for grub-devel@gnu.org; Sun, 22 Feb 2009 13:46:11 -0500 Received: from [192.168.1.102] (84.248.105.254) by jenni2.inet.fi (8.5.014) id 48FC5A880564C157 for grub-devel@gnu.org; Sun, 22 Feb 2009 20:46:08 +0200 Message-ID: <49A19D67.2060003@nic.fi> Date: Sun, 22 Feb 2009 20:45:59 +0200 From: =?ISO-8859-1?Q?Vesa_J=E4=E4skel=E4inen?= User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: The development of GRUB 2 References: <49A152BD.6010907@student.ethz.ch> <49A1782B.3010000@nic.fi> <49A19A05.6030606@student.ethz.ch> In-Reply-To: <49A19A05.6030606@student.ethz.ch> X-Enigmail-Version: 0.95.7 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: Quoted-Printable X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Re: GRUB trusted boot framework X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GRUB 2 List-Id: The development of GRUB 2 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Feb 2009 18:46:14 -0000 Jan Alsenz wrote: > Vesa J=E4=E4skel=E4inen write: >> I do like the idea what some protected systems use, they sign the bina= ry >> (in our case .mod file and kernels of loaded OSes). Now in that scenar= io >> it is responsibility of the kernel module loader to first verify the >> signature for correctness. This way the signature checking would be >> somewhat transparent to the rest of the system. >> >> I do not see a need to add any hooks to disk read. It should be >> responsibility of the code needing signature checking to handle that. >=20 > Well, since to trusted operation should be transparent (and in my opini= on should > not need code changes in something like the loaders - so if someone wri= tes a new > loader, it should work by default), that's where the hooks come in. > Maybe the "disk read" was misleading, what I meant where "file reads". Hi, Well.. you probably don't want to verify authenticity of the fonts or bitmaps in graphical menu? Anyway. I think the right place for verification hook in this case is the module or OS kernel loader. If you think otherwise. Then you have to provide a complete technical design how it should work as I see no other good choice for it. (actually there is one other place that could be used, but I let you come up with the idea after you have given a bit more though on the implementation side :)) Thanks, Vesa J=E4=E4skel=E4inen