From: Marco Gerards
To: The development of GRUB 2
Subject: Re: Some Ideas about booting security
Date: Wed, 11 Jan 2006 11:50:56 +0100
Message-ID: <87hd8box67.fsf@xs4all.nl>
In-Reply-To: <20060111064311.79461.qmail@web53609.mail.yahoo.com> (algorist2000@yahoo.com's message of "Tue, 10 Jan 2006 22:43:11 -0800 (PST)")
References: <20060111064311.79461.qmail@web53609.mail.yahoo.com>

paradox writes:

Hi,

> I am an EE Dr. in trust computing. Our research group has modified
> the grub 0.95 stage 1.5 code to add functions for authentication and
> for kernel and initrd integrity checks (using the md5 digest
> algorithm and a usb security key), but it is only a toy.
>
> I have some ideas on booting security, and want to try them in
> grub2. Here is a simple introduction:
>
> First, about trust chains in a trust machine. A trust computing
> machine should have a trust chain from power on to the system
> environment. In the trust chain, MBR data should be checked by the
> trust machine; in the MBR, grub should make a bios call to let the
> trust bios check the stage 2's data in the partition header. Then
> grub stage2 should check the integrity of the modules, kernels,
> initrds, and config file. It is only for business systems, but
> somebody needs it badly.

Isn't this something Intel focusses on by using EFI?

> Second, about privilege control of grub 2. We can assume there are
> several people using a machine with several systems, i.e., a
> developing system, testing system, working system, and a windows
> system. Perhaps one will only be permitted to boot one or two
> systems; for example, only the system administrator can use a cdrom
> to boot the system. We can add a login and passwd check interface at
> the beginning of the stage 2, and give different users different
> booting selections. Can we build a mod to do this?

There is no stage 2 anymore in GRUB 2. Perhaps you can put this in an
initialization routine in some GRUB 2 module. Or even better in the
script grub.cfg.

Please keep in mind that GRUB 2 is GPL'ed so anything that links to
it, including modules, should be GPL'ed as well.

Another thing you should know is that the interfaces of GRUB 2 are not
fixed.

> Third, about copyrights. I don't think GPL is the best choice for
> opensources, but we still need it. In my opinion, the best public
> license should give a public standard, allowing everyone to use it
> for everything except a new non_public standard. So I want to split
> my work into two parts: one part is under the GPL, making interfaces
> with the protection of the GPL; the other part is independent and
> totally free. Is it a good idea?

What does the license have to do with copyright? GRUB 2 will remain
copyrighted by the FSF. And I am not sure what you mean with
opensources, what are you referring to? GRUB is not open source.

What do you mean with public standard? GRUB 2 is software.

I am not sure what you are heading to with that last part. The GPL is
completely free *and* it protects your freedoms. What else can you
wish for?

As I explained above, all code linked to GRUB 2 should be GPL'ed. But
because I am not a lawyer, you can better contact one to be sure.

> Last is a question: Is there anyone trying to boot grub2 on mips?

Not yet, but I assume it will be quite easy to port GRUB 2. Which MIPS
based machine did you have in mind?

--
Marco
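
The per-user boot selection asked about in the second point, placed in grub.cfg as the reply suggests. This is an added example, not part of the original message or of the GRUB project's own files. It uses the authentication commands documented in the GRUB manual (superusers, password_pbkdf2, menuentry --users and --unrestricted); the user names, devices, paths and hash placeholders are constructed.

```grub
# grub.cfg fragment (constructed example; users, devices and paths are assumptions)

# Once superusers is set, only these users may edit menu entries or
# open the GRUB command line.
set superusers="admin"

# One credential per person. Generate each hash with grub-mkpasswd-pbkdf2;
# the strings below are placeholders, not real hashes.
password_pbkdf2 admin  grub.pbkdf2.sha512.10000.<ADMIN_HASH_PLACEHOLDER>
password_pbkdf2 dev    grub.pbkdf2.sha512.10000.<DEV_HASH_PLACEHOLDER>
password_pbkdf2 tester grub.pbkdf2.sha512.10000.<TESTER_HASH_PLACEHOLDER>

# Working system: anyone at the console may boot it, but editing the
# entry still requires a superuser login.
menuentry "Working system" --unrestricted {
    set root=(hd0,1)
    linux /vmlinuz root=/dev/sda1 ro
    initrd /initrd.img
}

# Development system: bootable by "dev" or by a superuser.
menuentry "Development system" --users dev {
    set root=(hd0,2)
    linux /vmlinuz root=/dev/sda2 ro
    initrd /initrd.img
}

# Testing system: bootable by "tester" or by a superuser.
menuentry "Testing system" --users tester {
    set root=(hd0,3)
    linux /vmlinuz root=/dev/sda3 ro
    initrd /initrd.img
}

# Administrator-only entry: an empty --users list leaves only superusers.
# An entry with neither --users nor --unrestricted behaves the same way.
menuentry "Maintenance (single-user)" --users "" {
    set root=(hd0,1)
    linux /vmlinuz root=/dev/sda1 ro single
    initrd /initrd.img
}
```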