Message-ID: <49A8660D.4020307@gmail.com>
Date: Fri, 27 Feb 2009 23:15:41 +0100
From: phcoder
To: The development of GRUB 2
Subject: Re: GRUB hardened boot framework
References: <49A152BD.6010907@student.ethz.ch> <20090227204226.GI31629@thorin> <49A861A0.2000601@student.ethz.ch>
In-Reply-To: <49A861A0.2000601@student.ethz.ch>

>> The last stage is much simpler.  Just put /boot/ in a crypted filesystem (we
>> have a patch lying around which is pending to merge).
>
> Yes, that would also be an idea.
> Then the filesystem needs the authentication.
Encrypted filesystems don't prevent some attacks, such as inconsistent rollback. Suppose that some program is written like

    if (!authenticated) return error;

Let's say this is in sector X on disk. But then the author added something before this function and this code is shifted to the sector X+1. However, the attacker has kept the previous sector X+1. Then he rewrites the sector X+1 with its previous version and bypasses the authentication. It's a difficult attack but is still possible. Actually, MAC checksumming or signatures are a better way to protect the system. Encrypting mainly protects from someone looking at data but isn't so good at detecting/protecting from modification. And normally you have no reason to hide your Linux system partition.
Additionally, hashes are faster than encryption.
>
>> That only leaves MBR and core.img.  You can either check both from firmware
>> (does any BIOS allow this?) or do some funny gimmicks in MBR ;-)
>
> There might be some boot virus protections, that could be abused. Or otherwise -
> coreboot.
Yes. My BIOS has boot virus protection but I haven't tested yet how it works

-- 
Regards
Vladimir 'phcoder' Serbinenko
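
The inconsistent-rollback point in the message above, as an added example that is not part of the original post or of GRUB: a toy per-sector cipher accepts a rolled-back sector without complaint, while an HMAC over the whole image rejects it. The cipher construction, keys, sector size and sector contents are all constructed for illustration, and the reference MAC is assumed to be stored where whoever writes to the disk cannot alter it.

```python
import hashlib
import hmac

SECTOR = 16  # toy sector size; real disks use 512 or 4096 bytes

def crypt_sector(key: bytes, index: int, data: bytes) -> bytes:
    """Encrypt or decrypt one sector by XOR with a per-sector keystream.
    Stand-in for a disk cipher: confidentiality only, no integrity tag."""
    stream = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_image(key: bytes, blocks: list) -> list:
    """Encrypt a list of plaintext blocks, one block per sector."""
    return [crypt_sector(key, i, b.ljust(SECTOR, b" ")) for i, b in enumerate(blocks)]

def decrypt_image(key: bytes, sectors: list) -> list:
    return [crypt_sector(key, i, s).rstrip(b" ") for i, s in enumerate(sectors)]

def image_mac(key: bytes, sectors: list) -> bytes:
    """HMAC-SHA256 over every sector together with its index."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for i, s in enumerate(sectors):
        mac.update(i.to_bytes(8, "big") + s)
    return mac.digest()

def rollback_demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32              # constructed keys
    old = [b"CHECK_AUTH", b"GRANT_ACCESS"]               # constructed: check in sector 0
    new = [b"NEW_CODE", b"CHECK_AUTH", b"GRANT_ACCESS"]  # check shifted to sector 1
    old_disk = encrypt_image(enc_key, old)
    new_disk = encrypt_image(enc_key, new)
    reference = image_mac(mac_key, new_disk)             # assumed stored off the writable disk

    mixed = list(new_disk)
    mixed[1] = old_disk[1]                               # sector 1 holds its old ciphertext again

    plaintext = decrypt_image(enc_key, mixed)            # decrypts cleanly, no error raised
    mac_ok = hmac.compare_digest(image_mac(mac_key, mixed), reference)
    return plaintext, mac_ok

if __name__ == "__main__":
    plaintext, mac_ok = rollback_demo()
    print("decrypted sectors:", plaintext)
    print("MAC verifies:", mac_ok)
```

The decrypted image no longer contains the check and nothing in the decryption path notices; only the MAC comparison fails.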