From: phcoder
Date: Mon, 23 Feb 2009 00:55:07 +0100
To: The development of GRUB 2
Subject: Re: GRUB trusted boot framework
Message-ID: <49A1E5DB.4010108@gmail.com>
In-Reply-To: <49A1DA09.7080601@student.ethz.ch>

Jan Alsenz wrote:
> phcoder wrote:
>>> Oh, I want!
>>> If I remember correctly, exactly this broke the protection on some
>>> game console!
>> Do you refer to Xbox crack based on King Kong game? For once their goal
>> is the evil one. For second the problem is a buffer overflow in
>> rendering engine, not the not checking part. If you want to make a
>> secure system it must be free of such bugs. Or you may as well hash the
>> whole hd and be hacked through network code. Here is where advantages of
>> open development come into play
>
> It is totally irrelevant, if the purpose is good or evil, if it can break the
> system.
> And since it is awfully difficult to produce bug free code, the goal must be to
> reduce the code that has to be bug free to the absolute (and openly known)
> minimum: In this case I'd say the reasonable choice is the fs driver code.
>
You can't really do this. You can safeguard from e.g. font driver bugs.
But what do you do with vulnerabilities with USB code? Some may connect
an evil mouse to the computer.

>>> But how do I get it into every possible loader?
>> s/grub_gzio_open(filename, 1)/grub_gnupg_open(filename, GZIO_TRANSPARENT)
>> s/grub_file_open(filename)/grub_gnupg_open(filename, 0)
>
> With "every possible loader", I wanted to include unknown future loaders.
>
New loaders will use the existing ones as a template. I did

> That would be a good idea.
> The difference between your and my solution was, that mine had secure as default.
Mine too. It involves just using right code. If a developer wants to
write insecure code he can always, otherwise I don't see why he wouldn't
use e.g. the Linux loader as a template.

> - (It may be useful to have some order within the hooks)
It's even necessary. Otherwise you can't know if you have first to
compress or to sign.
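
The hook-ordering point that closes the message, as an added C illustration that is not from the thread and is not GRUB code: an explicit order field decides whether the check over the stored bytes runs before or after the decoder. The hook type, the `order` field, the FNV-1a digest (standing in for a signature) and the run-length decoder (standing in for gzio) are all constructed assumptions.

```c
#include <stdint.h>
#include <string.h>
#define BUF 64  /* every hook writes at most BUF bytes to out */
/* Hypothetical hook (not GRUB's API): returns the new length, -1 to abort. */
typedef long (*hook_fn)(const uint8_t *in, size_t n, uint8_t *out);
struct hook { int order; hook_fn fn; };
static uint32_t trusted_digest;  /* digest of the file exactly as stored */
static uint32_t digest(const uint8_t *p, size_t n) {
  uint32_t h = 2166136261u;  /* FNV-1a, a stand-in for a real signature */
  while (n--) h = (h ^ *p++) * 16777619u;
  return h;
}
static long verify_hook(const uint8_t *in, size_t n, uint8_t *out) {
  if (n > BUF || digest(in, n) != trusted_digest) return -1;
  memcpy(out, in, n);
  return (long)n;
}
/* Toy run-length decoder (count, byte pairs) standing in for gzio. */
static long rle_hook(const uint8_t *in, size_t n, uint8_t *out) {
  size_t o = 0;
  if (n % 2) return -1;
  for (size_t i = 0; i < n; i += 2) {
    if (in[i] > BUF - o) return -1;  /* never write past the buffer */
    memset(out + o, in[i + 1], in[i]);
    o += in[i];
  }
  return (long)o;
}
static long open_with_hooks(struct hook *h, size_t nh, const uint8_t *raw, size_t n) {
  uint8_t tmp[2][BUF];
  const uint8_t *cur = raw;
  long len = (long)n;
  for (size_t i = 1; i < nh; i++)  /* insertion sort by the order field */
    for (size_t j = i; j > 0 && h[j].order < h[j - 1].order; j--) {
      struct hook t = h[j]; h[j] = h[j - 1]; h[j - 1] = t;
    }
  for (size_t i = 0; i < nh && len >= 0; i++) {  /* first failure aborts */
    len = h[i].fn(cur, (size_t)len, tmp[i & 1]);
    cur = tmp[i & 1];
  }
  return len;
}
long demo(int tampered, int verify_order) {  /* decoded length, or -1 */
  uint8_t stored[] = {3, 'A', 2, 'B'};  /* constructed file: decodes to AAABB */
  trusted_digest = digest(stored, sizeof stored);
  if (tampered) stored[0] = 60;  /* the on-disk bytes are modified */
  struct hook hooks[] = {{20, rle_hook}, {verify_order, verify_hook}};
  return open_with_hooks(hooks, 2, stored, sizeof stored);
}
int main(void) { return demo(0, 10) == 5 ? 0 : 1; }
```

With `verify_order` 10 the check runs on the stored bytes before the decoder sees them; with 30 even the untampered file is refused, because the digest covers the compressed form and the decoder has already parsed unverified input.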