From: Vladimir 'phcoder' Serbinenko
To: The development of GRUB 2
Date: Sun, 27 Sep 2009 01:01:58 +0200
Subject: Re: Protection of boot sector and embedded area
Message-ID: <4ABE9D66.4010801@gmail.com>

James Courtier-Dutton wrote:
> 2009/9/26 Vladimir 'phcoder' Serbinenko :
>
>> James Courtier-Dutton wrote:
>>
>>> 2009/9/26 Vladimir 'phcoder' Serbinenko :
>>>
>>>> It's generally a bad idea to chase grub out of MBR+embed area. It often
>>>> results in unreliable configurations. Could you detail your use case so
>>>> we can seek for a better solution?
>>>>
>>> The other thing sitting in the embedded area is a whole disc encryption product.
>>> It takes up about 60 sectors of the 64 sectors of the embedded area.
>>>
>> I guess you speak about truecrypt. In this case the solution I would
>> recommend is to make grub load truecrypt's embedding area from a file on
>> the disk (it probably can be extracted from truecrypt w/o installing
>> booter). It's not a difficult task, just nobody did it yet (volunteers
>> are welcome).
>> Beware that truecrypt is distributed under a license which has legal
>> danger to the end user.
>> https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt
>> Of course it's your choice to use it or not but I would suggest to avoid
>> such software especially for the data you need to protect
>>
>
> It is not truecrypt.
> I would argue that a "full disk encryption" product should be in the
> boot sector/embedded area and everything else, even grub should load
> after it.
>
It has no benefit other than giving you a wrong impression of additional
security (feel free to expose your arguments). Actually having grub before
disk encryption is beneficial for configuration purposes (encryption
program is only loaded when needed)
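
Added example, not part of the original message or of GRUB's code: a read-only check of how much of the gap between the MBR and the first partition (the "embedded area" discussed in this thread) is already occupied by another product. The function names, the 512-byte sector size and the constructed sample image are assumptions made for this illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte logical sectors


def first_partition_lba(mbr: bytes) -> int:
    """Lowest starting LBA among the used entries of an MBR partition table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA)")
    starts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        base = 446 + 16 * i
        ptype = mbr[base + 4]
        lba_start, count = struct.unpack_from("<II", mbr, base + 8)
        if ptype == 0xEE:
            raise ValueError("protective MBR (GPT disk): no post-MBR gap")
        if ptype != 0 and count != 0:
            starts.append(lba_start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)


def embedding_area_usage(image: bytes) -> dict:
    """Count non-zero sectors between the MBR (LBA 0) and the first partition.

    An all-zero sector is treated as free; this is a heuristic, not proof.
    """
    first = first_partition_lba(image[:SECTOR])
    if len(image) < first * SECTOR:
        raise ValueError("image shorter than the gap it describes")
    used, run, best = 0, 0, 0
    for lba in range(1, first):
        if any(image[lba * SECTOR:(lba + 1) * SECTOR]):
            used, run = used + 1, 0
        else:
            run += 1
            best = max(best, run)  # longest contiguous free stretch so far
    return {"gap_sectors": first - 1, "used_sectors": used,
            "largest_free_run": best}


def sample_image() -> bytes:
    """Constructed test image: first partition at LBA 64, LBA 1-60 occupied."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<BBBBBBBBII", mbr, 446, 0x80, 0, 0, 0, 0x83, 0, 0, 0, 64, 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + b"\xaa" * (60 * SECTOR) + bytes(4 * SECTOR)
```

Running `embedding_area_usage(sample_image())` reports 60 of 63 gap sectors in use with only 3 contiguous free sectors, which is the kind of conflict the thread describes when two boot-time components both want the embedded area.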