From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1UYLYK-0000UG-Gv
	for mharc-grub-devel@gnu.org; Fri, 03 May 2013 15:21:56 -0400
Received: from eggs.gnu.org ([208.118.235.92]:59327)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <t.bubeck@reinform.de>) id 1UYLYH-0000Qf-HY
	for grub-devel@gnu.org; Fri, 03 May 2013 15:21:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <t.bubeck@reinform.de>) id 1UYLYF-0000aj-TK
	for grub-devel@gnu.org; Fri, 03 May 2013 15:21:53 -0400
Received: from gw1.reinform.de ([82.141.45.9]:48999)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <t.bubeck@reinform.de>) id 1UYLYF-0000ZY-Ip
	for grub-devel@gnu.org; Fri, 03 May 2013 15:21:51 -0400
Received: from postfix.loef.reinform.de (postfix.loef.reinform.de [10.1.1.39])
	by mail-out.dmz.loef.reinform.de (Postfix) with ESMTP id 694A44C71A
	for <grub-devel@gnu.org>; Fri,  3 May 2013 21:21:49 +0200 (CEST)
Received: from mail.reinform.de (mail.reinform.de [82.141.45.14])
	by postfix.loef.reinform.de (Postfix) with ESMTP id EFC6B1BDDD
	for <grub-devel@gnu.org>; Fri,  3 May 2013 21:21:48 +0200 (CEST)
Received: from brain.wid.reinform.de (p5B2CE3B6.dip0.t-ipconnect.de
	[91.44.227.182])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.reinform.de (Postfix) with ESMTPSA id B798EA7A01
	for <grub-devel@gnu.org>; Fri,  3 May 2013 21:21:48 +0200 (CEST)
Received: from [10.2.1.27] (kitschle.wid.reinform.de [10.2.1.27])
	by brain.wid.reinform.de (Postfix) with ESMTP id 935A088180
	for <grub-devel@gnu.org>; Fri,  3 May 2013 21:21:47 +0200 (CEST)
Message-ID: <51840E4B.1010807@reinform.de>
Date: Fri, 03 May 2013 21:21:47 +0200
From: "Dr. Tilmann Bubeck" <t.bubeck@reinform.de>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130402 Thunderbird/17.0.5
MIME-Version: 1.0
To: grub-devel@gnu.org
Subject: Re: GRUB and the risk of block list corruption in extX
References: <51138645.4050405@ts.fujitsu.com>
	<20130503090123.3b1f3c4d@opensuse.site>
	<518373A2.1030300@ts.fujitsu.com>
In-Reply-To: <518373A2.1030300@ts.fujitsu.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x
X-Received-From: 82.141.45.9
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2013 19:21:54 -0000

There is a solution under way. Linux 3.10 will include code written by 
me to secure core.img of grub when running from ext4. This means, that 
ext4 will be as safe to use for grub chainloading as btrfs or any other 
filesystem offering "embedding".

I am currently extending grub-setup.c to use this new functionality. I 
will send a patch to this list in a few days. Hopefully you can apply 
this patch, so that this issue will be fixed.

Kind regards,
  Till


Am 03.05.2013 10:21, schrieb Martin Wilck:
> Andrey,
>
>> Here is example how using filesystem blocklists may lead to unbootable
>> system without any extX corruption involved.
>>
>> - user sets up multiboot system with Windows as primary bootloader
>> - standard technique to add Linux loaders has always been - copy
>>    partition boot sector and "launch" it from Windows loader
>> - user copies Linux partition boot sector which points to core.imng
>>    absolute disk position
>> - user updates grub in Linux. core.img is rewritten and its position
>>    changes
>> - next time user tries to boot Linux (s)he gets blinking cursor
>>
>> So *any* third party bootloader that relies on being able to
>> "chainload" *copy* of boot sector will give you the same issue.
>
> I understand. It's generally understood that updating core.img without
> updating the boot sector is a bad idea. In this particular case updating
> the boot sector is not enough because the copy needs to be updated, too.
>
> The background for my question was a different scenario, with a
> chainload-capable boot loader in the MBR and secondary boot loaders in
> partition boot sectors. It is that scenario that the new anaconda
> installer doesn't support any more, and the major argument from the
> Fedora devs for this (apart from sparing dev and QA resources) was the
> warning emitted by GRUB when users try to install using block lists.
>
> I am still convinced that the risk of boot loader corruption in that
> scenario is extremely low.
>
> Martin
>


-- 
+-------+-------------------------------------------------------------+
|       | dr. tilmann bubeck               reinform medien- und       |
|       |                                  informationstechnologie AG |
| rein  | fon  : +49 (711) 7 82 76-52      loeffelstr. 40             |
| form  | fax  : +49 (711) 7 82 76-46      70597 stuttgart / germany  |
|    AG | cell.: +49 (172) 8 84 29 72      fon: +49 (711) 75 86 56-10 |
|       | email: t.bubeck@reinform.de      http://www.reinform.de     |
|       +-------------------------------------------------------------+
|       | pflichtangaben nach paragraph 80, AktG:                     |
|       | reinform medien- und informationstechnologie AG, stuttgart  |
|       | handelsregister stuttgart, HRB 23001                        |
|       | vorstand:     dr. tilmann bubeck (vorsitz)                  |
|       | aufsichtsrat: frank stege (vorsitz)                         |
+-------+-------------------------------------------------------------+