[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some Ideas about booting security
From: |
Marco Gerards |
Subject: |
Re: Some Ideas about booting security |
Date: |
Wed, 11 Jan 2006 11:50:56 +0100 |
User-agent: |
Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux) |
paradox <address@hidden> writes:
Hi,
> I am a EE Dr. in trust computing.Our researching
> group has modified the grub 0.95 stage 1.5 code to add
> functions of Authentication and kernel and initrd's
> integrity check (use md5 digest algorithm and an usb
> security key),buy it is only a toy.
>
> I has some ideas on booting security, and want to
> try them in grub2. here is a simple introduce:
>
> first, about trust chains in trust machine. a
> trust computing machine should has a trust chains from
> power on to the system envirment.in the trust chains,
> MBR Data should be checked by trust machine, in the
> MBR, grub should make a bios call, let trust bios
> check the stage 2's data in the partition header. then
> grub stage2 should check the integrity of the modules,
> kernels, initrds, and config file. it is only for
> business systems, but sb need it badly.
Isn't this something Intel focusses on by using EFI?
> second, about priviledge control of grub 2. we can
> assume there has serveal people using a machine with
> serveal system, i.e., developing system, testing
> system, working system, and a windows system.perhaps
> one will only be permitted to booting one or two
> systems,for example, only system administrator can use
> a cdrom to booting the system. we can add a login and
> passwd check interface in the beginning of the stage
> 2, give the different user the different booting
> selection.can we build a mod to do this?
There is not stage 2 anymore in GRUB 2. Perhaps you can put this in
an initialization routine in some GRUB 2 module. Or even better in
the script grub.cfg. Please keep in mind that GRUB 2 is GPL'ed so
anything that links to it, including modules, should be GPL'ed as
well. Another thing you should know is that the interfaces of GRUB 2
are not fixed.
> third , about Copyrights. I don't think GPL is the
> best choice for opensources, but we still need it. in
> my opinion,the best public license should give a
> public standard, allowing everyone use it for everying
> except new non_public standard. So I want split my
> work to two part, one part is on GPL, make interfaces
> with the protection of GPL, the other part is
> independent and totally free. Is it a good idea?
What does the license have to do with copyright? GRUB 2 will remain
copyrighted by the FSF. And I am not sure what you mean with
opensources, what are you referring to? GRUB is is not open source.
What do you mean with public standard? GRUB 2 is software.
I am not sure what you are heading to with that last part. The GPL is
completely free *and* it protects your freedoms. What else can you
wish for? As I explained above, all code linked to GRUB 2 should be
GPL'ed. But because I am not a lawyer, you can better contact one to
be sure.
> Last is a question: Is there anyone try to booting
> grub2 on mips ?
Not yet, but I assume it will be quite easy to port GRUB 2. Which
MIPS based machine did you have in mind?
--
Marco