From: Robert Millan
Subject: Re: [PATCH] use UUIDs for cross-disk installs (Re: Issue with boot != root and chainloading)
Date: Sun, 3 Aug 2008 14:08:33 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

On Sun, Aug 03, 2008 at 07:09:51AM -0400, Isaac Dupree wrote:
> Is using UUIDs alone resilient against this situation: An attacker finds out
> the UUIDs on your hard-disk. S/he makes a USB drive or CD (that preferably
> looks innocuous when plugged into a running system), but has a UUID on it
> equal to that of the GRUB boot partition (which might not be mounted on a
> running system). Anyway, when the system (core.img) boots, can it tell the
> difference well enough to prefer the GRUB that's on the disk that it was
> originally installed to?

biosdisk prefers hard disks over floppies.  Of course, usb drives are generally
identified as hard disks, but this problem will go away when we get rid of the
BIOS and access devices directly.

Then again, on BIOS we only use UUIDs when the situation is desperate, like on
a cross-disk install.  If you're concerned about security and/or reliability,
don't do cross-disk installs.

> (Equally well, you could have a GRUB core.img and /boot on a CD or
> unwriteable USB drive that you're trying to boot when you don't entirely
> trust the computer's hard disk.) Furthermore, perhaps all the modules that
> the attacker provided are the same as the genuine ones; only grub.cfg
> differs... only the most paranoid of us would try to put a hash in core.img
> that complains whenever grub.cfg has changed from the original state?

This line of thinking is what is commonly used to justify draconian measures
(i.e. Treacherous Computing) but it doesn't make any sense.  If your security
policy is such that you don't trust users with physical access, try any of
the following:

  - Crypt your whole disk.  Have your /boot in a usb drive you carry with you.

  - Remove your CD drive and unexpose USB slots (use locks or if really paranoid
    sink your board in concrete).

So-called "Trusted" Computing is just a blatant excuse to steal your music and
your documents.  Don't drink the kool aid.

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."
