From: Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: Protection of boot sector and embedded area
Date: Sun, 27 Sep 2009 01:01:58 +0200
Message-ID: <4ABE9D66.4010801@gmail.com>
In-Reply-To: <ad2655cb0909261547k231c672bu31656dae8dcae33e@mail.gmail.com>

James Courtier-Dutton wrote:
> 2009/9/26 Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>:
>
>> James Courtier-Dutton wrote:
>>
>>> 2009/9/26 Vladimir 'phcoder' Serbinenko <phcoder@gmail.com>:
>>>
>>>
>>>> It's generally a bad idea to chase grub out of MBR+embed area. It often
>>>> results in unreliable configurations. Could you detail your use case so
>>>> we can seek for a better solution?
>>>>
>>>>
>>> The other thing sitting in the embedded area is a whole disc encryption product.
>>> It takes up about 60 sectors of the 64 sectors of the embedded area.
>>>
>>>
>> I guess you speak about truecrypt. In this case the solution I would
>> recommend is to make grub load truecrypt's embedding area from a file on
>> the disk (it probably can be extracted from truecrypt w/o installing
>> booter). It's not a difficult task, just nobody did it yet (volunteers
>> are welcome).
>> Beware that truecrypt is distributed under a license which has legal
>> danger to the end user.
>> https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt
>> Of course it's your choice to use it or not but I would suggest to avoid
>> such software especially for the data you need to protect
>>
>
> It is not truecrypt.
> I would argue that a "full disk encryption" product should be in the
> boot sector/embedded area and everything else, even grub should load
> after it.
>
>
It has no benefit other than giving you a wrong impression of additional
security (feel free to expose your arguments). Actually having grub
before disk encryption is beneficial for configuration purposes
(encryption program is only loaded when needed).