From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <49A8745A.2000007@gmail.com>
Date: Sat, 28 Feb 2009 00:16:42 +0100
From: phcoder
To: The development of GRUB 2
Subject: Re: GRUB hardened boot framework
References: <49A152BD.6010907@student.ethz.ch> <20090227204226.GI31629@thorin> <49A861A0.2000601@student.ethz.ch> <20090227222230.GA7907@thorin> <49A86F7B.8030201@gmail.com> <20090227230851.GC7907@thorin>
In-Reply-To: <20090227230851.GC7907@thorin>
List-Id: The development of GRUB 2

> I stand corrected; but in that case, measurement can still be implemented
> at the filesystem level?

Yes, it can be done. The most common way is to attach a MAC to every sector
(like a signature but uncheckable without the key). One could also implement
MAC on filesystems like btrfs. It doesn't solve all the problems, however. It
can't be used, e.g., for checking the authenticity of files received through
the network. IMO both approaches are important and we should provide the basic
interface for both. Then people who are interested in implementing it can do
it in a clean way which fits the general design.

--
Regards
Vladimir 'phcoder' Serbinenko
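
A minimal sketch of the per-sector MAC idea from the message above, added here as an illustration; it is not code from GRUB or from this thread. The HMAC-SHA256 construction, the 512-byte sector size, the binding of the sector number into each tag, and all function names are assumptions of the example.

```python
import hashlib
import hmac
import struct

SECTOR = 512  # assumed sector size in bytes

def sector_tag(key, index, data):
    """HMAC-SHA256 over the sector number and the sector contents."""
    # Binding the index is a choice of this sketch: without it a valid
    # (sector, tag) pair could be moved to another position unnoticed.
    if len(data) != SECTOR:
        raise ValueError("sector must be exactly SECTOR bytes")
    return hmac.new(key, struct.pack("<Q", index) + data, hashlib.sha256).digest()

def seal(key, image):
    """One tag per sector, to be stored next to the data or in a side table."""
    if len(image) % SECTOR:
        raise ValueError("image length must be a multiple of SECTOR")
    return [sector_tag(key, i, image[i * SECTOR:(i + 1) * SECTOR])
            for i in range(len(image) // SECTOR)]

def bad_sectors(key, image, tags):
    """Indices whose stored tag does not verify under this key."""
    fresh = seal(key, image)
    if len(fresh) != len(tags):
        raise ValueError("tag count does not match sector count")
    return [i for i, (a, b) in enumerate(zip(fresh, tags))
            if not hmac.compare_digest(a, b)]  # constant-time comparison

def demo():
    key = b"constructed demo key"  # constructed sample key
    # Constructed 4-sector image: sector n is filled with byte value n.
    image = b"".join(bytes([n]) * SECTOR for n in range(4))
    tags = seal(key, image)

    patched = bytearray(image)
    patched[2 * SECTOR + 7] ^= 0x01  # one flipped bit in sector 2

    # Sectors 0 and 1 exchanged together with their tags.
    moved = image[SECTOR:2 * SECTOR] + image[:SECTOR] + image[2 * SECTOR:]
    moved_tags = [tags[1], tags[0]] + tags[2:]

    return {"clean": bad_sectors(key, image, tags),
            "patched": bad_sectors(key, bytes(patched), tags),
            "moved": bad_sectors(key, moved, moved_tags),
            "wrong_key": bad_sectors(b"some other key", image, tags)}

if __name__ == "__main__":
    print(demo())
```

The `wrong_key` case shows the property noted in the message: without the key, no tag can be checked at all.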