From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <49A861A0.2000601@student.ethz.ch>
Date: Fri, 27 Feb 2009 22:56:48 +0100
From: Jan Alsenz
To: The development of GRUB 2
References: <49A152BD.6010907@student.ethz.ch> <20090227204226.GI31629@thorin>
In-Reply-To: <20090227204226.GI31629@thorin>
Subject: Re: GRUB hardened boot framework

Robert Millan wrote:
> On Sun, Feb 22, 2009 at 02:27:25PM +0100, Jan Alsenz wrote:
>> If we could agree on this, then I think we could find a way to extend the GRUB
>> module system to fully allow this.
>>
>> From my point of view the minimal needed features for these systems are:
>> - easy exchange of the MBR binary to be installed
>> - easy exchange of the core.img loader binary
>> - hooks for any disk read (not sure if write is necessary)
>>
>> (I didn't check if any of these is already implemented)
>>
>> Last part to agree on would then be, that these infrastructure features should
>> be in the mainline code.
>
> Hi,
>
> The last stage is much simpler.  Just put /boot/ in a crypted filesystem (we
> have a patch lying around which is pending to merge).

Yes, that would also be an idea.
Then the filesystem needs the authentication.

> That only leaves MBR and core.img.  You can either check both from firmware
> (does any BIOS allow this?) or do some funny gimmicks in MBR ;-)

There might be some boot virus protections, that could be abused.
Or otherwise - coreboot.

>> That way it would be easy to develop various trusted boot solutions (and
>> probably some other systems too), but keep all the controversial code out of
>> mainline.
>
> I appreciate your interest in avoiding controversy.  If you want that, then
> please don't refer to this as "trusted".  It is implied that all the code in
> GRUB is already trusted by its user.  The difference here is that our system
> would be hardened against physical attack, it doesn't change anything about
> who is able to "trust" your computer and who isn't.

Alright, hardened then.
Personally I would still use "trusted", but it has been a bit overly (mis)used
in the recent past, which could lead to misunderstandings.

Greets,

Jan