Message-ID: <49A88045.3020209@student.ethz.ch>
Date: Sat, 28 Feb 2009 01:07:33 +0100
From: Jan Alsenz
To: The development of GRUB 2
In-Reply-To: <20090227232607.GA29722@thorin>
Subject: Re: GRUB hardened boot framework

Robert Millan wrote:
> On Sat, Feb 28, 2009 at 12:18:17AM +0100, phcoder wrote:
>>> If the code that does the authentication is loaded from the encrypted partition,
>>> without being checked, this is true, but we assume, that core.img is already
>>> loaded (and checked), so the authentication code is not on the encrypted
>>> partition, and can detect any tampering.
>> As far as I understood Robert Millan was suggesting that just encrypting
>> (but not verifying) your kernel is enough. I wanted to show why it isn't
>
> Fair enough. My point is that we don't need overcomplicated mechanisms to
> measure every module, config file or component separately. After core.img
> is verified/loaded, it's much simpler to handle the rest at this layer
> below the filesystem, which doesn't require significant redesign of how
> GRUB works.

Well, the problem there will probably be, that no commonly used disk encryption
(e.g. dm-crypt) uses checksums (as far as I know), when reading from disk.
So if you want to be compatible, the check of the files needs to be done either by
the filesystem (which only very few can do), or by a separate layer.
Which brings us back to the initial idea.

In any case, for all the crypto stuff it would be a good idea, to have some
general GRUB crypto-library, that everyone could use. Probably like it is done
in the Linux kernel.
This could then also be used for the password command.

Greets,
Jan
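
The point about an encryption layer without checksums, as an added example (not part of the original message and not GRUB code): decryption of modified ciphertext returns data without any error, while a separate check against a digest held in already-verified code catches it. The keystream XOR is a constructed stand-in for a disk cipher with no integrity tag, not dm-crypt's actual mode, and `verified_read`, the key and the sample "kernel" are hypothetical.

```python
import hashlib

SECTOR = 512

def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Constructed stand-in for a length-preserving disk cipher (no integrity tag)."""
    out, counter = b"", 0
    while len(out) < length:
        block = key + sector_no.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def crypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """XOR with the keystream: encrypts and decrypts, and never reports an error."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no, len(data))))

def read_file(key: bytes, disk: list, length: int) -> bytes:
    """Encryption layer only: decrypt the sectors and hand back whatever comes out."""
    plain = b"".join(crypt_sector(key, n, s) for n, s in enumerate(disk))
    return plain[:length]

def verified_read(key: bytes, disk: list, length: int, trusted_digest: str) -> bytes:
    """Separate layer: compare the file's SHA-256 to a digest kept in verified code."""
    data = read_file(key, disk, length)
    if hashlib.sha256(data).hexdigest() != trusted_digest:
        raise ValueError("file digest mismatch: refusing to load")
    return data

def demo():
    key = b"constructed-demo-key"                  # sample key, constructed
    kernel = b"constructed kernel image " * 40     # 1000 bytes of sample data
    padded = kernel.ljust(2 * SECTOR, b"\0")
    disk = [crypt_sector(key, n, padded[n * SECTOR:(n + 1) * SECTOR]) for n in range(2)]
    trusted = hashlib.sha256(kernel).hexdigest()   # would live in the verified core.img
    # Someone with write access to the disk changes one ciphertext byte.
    sector = bytearray(disk[1])
    sector[10] ^= 0x01
    tampered = [disk[0], bytes(sector)]
    silently_modified = read_file(key, tampered, len(kernel)) != kernel
    try:
        verified_read(key, tampered, len(kernel), trusted)
        detected = False
    except ValueError:
        detected = True
    return silently_modified, detected

if __name__ == "__main__":
    print(demo())
```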