Message-ID: <528C5C11.80606@gmail.com>
Date: Wed, 20 Nov 2013 07:52:01 +0100
From: Vladimir 'φ-coder/phcoder' Serbinenko
To: The development of GNU GRUB
Subject: Re: Keyfile Support for GRUBs LUKS

On 20.11.2013 07:42, Elliott Mitchell wrote:
> On Tue, Nov 19, 2013 at 11:43:12PM -0600, Glenn Washburn wrote:
>> On Tue, 19 Nov 2013 17:55:40 -0800
>> Elliott Mitchell wrote:
>>
>>> On Tue, Nov 19, 2013 at 07:31:35PM -0600, Glenn Washburn wrote:
>>>> I've had this setup ever since grub had LUKS support, except for the
>>>> signature checking. I don't really see the point of checking
>>>> signatures if the kernel and initrd are encrypted.
>>>
>>> You're setting yourself up for a *lot* of pain then. In places where
>>> security is important, *always* check signatures. Utilizing
>>> encryption without checking signatures leaves you *wide-open* to
>>> attacks! In a case like this, by observing whether the system
>>> continues or halts the attacker will be able to figure out how the
>>> incoming stream was handled. While this may not allow them to figure
>>> out what the keys are, it will allow them to easily break in.
>>>
>>> Not checking signatures has repeatedly killed zillions of security
>>> products. If you worry about security, signatures are non-optional!
>>
>> I'm not exactly following you. Checking signatures is a way to verify
>> that certain data is what you expect it to be. Can you provide an
>> example of what you mean by "observing whether the system
>> continues or halts the attacker will be able to figure out how the
>> incoming stream was handled"?
>
> Some of the portions at the start of the kernel are fixed. If I have
> knowledge of the architecture the kernel is for, I'll be able to recover
> parts of the cryptographic stream by XORing the known parts. The rest of
> the stream is harder to recover, but I could try changing individual
> bytes to all 256 values and observing which values cause the processor to
> halt where. From this I could come up with a map of what the byte in the
> kernel is and what the byte of the cryptographic stream is. The process
> would be slow, but it is entirely doable if someone is willing to spend
> the resources.
>
> Heck, even the known bytes may allow someone to inject enough code to
> break into the kernel at a later stage. Look for information on "single
> byte buffer overflows" for how systems have been successfully broken into
> merely by initially controlling 1 byte.

You assume here a stream cipher or a block cipher in CTR mode. Disks are
encrypted in XTS mode (usually) or some CBC variant.
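The mode distinction raised in the reply above, as an added example that is not part of the original message or of GRUB's code: it compares how one altered ciphertext bit propagates under a stream/CTR construction and under a tweaked per-block mode in the spirit of XTS (CBC is not modelled), and shows that only an integrity tag notices the change. The SHA-256 keystream, the toy Feistel cipher standing in for AES, the simplified tweak, the HMAC standing in for a signature, and all keys and sample data are assumptions chosen so the code runs with the standard library only.

```python
import hashlib, hmac

BLOCK = 16
KEY = b"constructed demo key"          # constructed sample values
PLAIN = bytes(range(64))               # stands in for a 64-byte kernel prefix

def prf(key, *parts):
    return hashlib.sha256(key + b"|" + b"|".join(parts)).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, data):
    """Stream/CTR style: data XOR keystream (same call encrypts and decrypts)."""
    blocks = range(len(data) // 32 + 1)
    return xor(data, b"".join(prf(key, b"ctr", i.to_bytes(8, "big")) for i in blocks))

def feistel(key, block, rounds):
    """Toy 128-bit block cipher (4-round Feistel over SHA-256), standing in for AES."""
    l, r = block[:8], block[8:]
    for i in rounds:
        l, r = r, xor(l, prf(key, b"round", bytes([i]), r)[:8])
    return r + l

def xex_crypt(key, sector, data, decrypt=False):
    """Tweaked per-block mode in the spirit of XTS; len(data) must be a multiple of 16."""
    rounds = range(3, -1, -1) if decrypt else range(4)
    out = b""
    for j in range(0, len(data), BLOCK):
        t = prf(key, b"tweak", sector.to_bytes(8, "big"), j.to_bytes(8, "big"))[:BLOCK]
        out += xor(feistel(key, xor(data[j:j + BLOCK], t), rounds), t)
    return out

def changed_bytes(decrypt, ciphertext, plaintext, pos):
    """Offsets of plaintext bytes that differ after one bit of ciphertext[pos] is altered."""
    tampered = bytearray(ciphertext)
    tampered[pos] ^= 0x01
    result = decrypt(bytes(tampered))
    return [i for i, (a, b) in enumerate(zip(plaintext, result)) if a != b]

def tag(key, ciphertext):
    """Integrity tag over the ciphertext (HMAC here; the thread discusses signatures)."""
    return hmac.new(key, ciphertext, hashlib.sha256).digest()

CTR_CT = ctr_crypt(KEY, PLAIN)
XEX_CT = xex_crypt(KEY, 7, PLAIN)

if __name__ == "__main__":
    print("CTR:", changed_bytes(lambda c: ctr_crypt(KEY, c), CTR_CT, PLAIN, 20))
    print("XEX:", changed_bytes(lambda c: xex_crypt(KEY, 7, c, True), XEX_CT, PLAIN, 20))
    bad = bytes([XEX_CT[0] ^ 1]) + XEX_CT[1:]
    print("tag detects change:", tag(KEY, XEX_CT) != tag(KEY, bad))
```

In the CTR case exactly the altered byte changes in the plaintext; in the tweaked block mode the whole 16-byte block containing it decrypts to unrelated bytes, yet both modes decrypt without reporting an error, so detection depends on the tag.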