From: "Vladimir 'φ-coder/phcoder' Serbinenko" <phcoder@gmail.com>
To: grub-devel@gnu.org
Subject: Re: Signature verification in GRUB
Date: Thu, 18 Oct 2012 20:06:11 +0200
Message-ID: <50804513.8010804@gmail.com>
In-Reply-To: <alpine.DEB.2.02.1210151408490.29940@salmon-of-wisdom.skyblue-technologies.com>
On 15.10.2012 23:33, Geoffrey Thomas wrote:
> On Sat, 13 Oct 2012, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>
>>> First, does GRUB have a mechanism for me to validate a digitally-signed
>>> file of some sort? This could be e.g. a PGP-signed file or something
>>> from `openssl dgst -sign`. I see that GRUB has all the relevant crypto
>>> primitives to do this, but I can't find a command to invoke them. (As
>>> far as I can tell, gcrypt is only used for PBKDF2 and cryptodisk
>>> support?)
>>>
>>
>> I have some code dating from about a year ago but because of my current
>> personal situation it's put on hold for some time.
>
> Do you have something I can start from that you could drop somewhere? I
> haven't begun implementing this yet, and I suspect that starting from
> your code would be helpful for getting this done faster and also doing
> it in a style compatible with upstream.
>

I want to do it myself. I'm likely to get some time for it in December.

> Also, a slightly more generic question -- what's a reasonable format
> here? I'm kind of surprised to find that openssl has no generic command
> to sign a file or verify its signatures. I could use PGP, but we're
> already using SSL-style certificates for Authenticode, so I'd prefer not
> to generate another key with a completely different format. That said, if
> more people will find PGP verification useful, I can implement that.
>

It has to be gnupg signatures.

>> Is there some doc on dm-verity? It may be interesting.
>
> http://code.google.com/p/cryptsetup/wiki/DMVerity
> is the official documentation.
>
> Briefly, you generate a salted hash tree of each block (and in turn of
> the blocks containing the hashes) until you get a root hash. So with a
> trusted way to get the root hash, the original device, and a device/file
> containing the hashes, you can generate a new (read-only) device that
> validates hashes up to the root, and throws an IO error if the data has
> been tampered with.
>

Doesn't sound like the best way. A MAC-tree would be better cryptographically
(a third party would be unable to verify, which is an advantage) and would
be easier to write to.

> The "veritysetup" command in sbin in recent cryptsetup versions can
> generate the hash tree and print out the root hash.
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
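
The salted hash tree described in the quoted text above, as an added sketch that is not part of the original message and is not cryptsetup's code. It assumes SHA-256, 4096-byte blocks and an in-memory `device`, and is a simplified model rather than the dm-verity on-disk format; all function names are made up for the illustration.

```python
import hashlib
import hmac

BLOCK = 4096                                     # data/hash block size (assumed)
FANOUT = BLOCK // hashlib.sha256().digest_size   # 128 digests fit in one hash block

def _h(salt, block):
    return hashlib.sha256(salt + block).digest()

def _pack(level, group):
    """One zero-padded hash block: the FANOUT digests of `group` in `level`."""
    return b"".join(level[group * FANOUT:(group + 1) * FANOUT]).ljust(BLOCK, b"\0")

def build_tree(device, salt):
    """Return (levels, root). levels[0] hashes the data blocks; levels[n+1]
    hashes the packed hash blocks of levels[n] until one digest remains."""
    if not device:
        raise ValueError("empty device")
    level = [_h(salt, device[i:i + BLOCK].ljust(BLOCK, b"\0"))
             for i in range(0, len(device), BLOCK)]
    levels = [level]
    while len(level) > 1:
        groups = (len(level) + FANOUT - 1) // FANOUT
        level = [_h(salt, _pack(level, g)) for g in range(groups)]
        levels.append(level)
    return levels, level[0]

def read_verified(device, index, levels, salt, root):
    """Return data block `index`, or raise OSError unless it chains up to the
    trusted `root`. `device` and `levels` are untrusted storage."""
    block = device[index * BLOCK:(index + 1) * BLOCK].ljust(BLOCK, b"\0")
    digest = _h(salt, block)
    for level in levels:
        if index >= len(level) or not hmac.compare_digest(level[index], digest):
            raise OSError("hash mismatch: block or hash tree was modified")
        if len(level) == 1:
            break
        index //= FANOUT                         # hash block holding that digest
        digest = _h(salt, _pack(level, index))
    if not hmac.compare_digest(digest, root):
        raise OSError("root hash mismatch")
    return block

if __name__ == "__main__":
    salt = bytes(range(32))                      # constructed sample salt
    dev = b"".join(i.to_bytes(2, "big") * 2048 for i in range(300))  # constructed
    levels, root = build_tree(dev, salt)
    print([len(l) for l in levels], root.hex())
```

Only `root` has to come from a trusted source: rebuilding the stored hashes after modifying a block still fails at the final comparison.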