grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC] Boot parameters and geometrical stability


From: Robert Millan
Subject: Re: [RFC] Boot parameters and geometrical stability
Date: Thu, 4 Sep 2008 21:33:47 +0200
User-agent: Mutt/1.5.13 (2006-08-11)

On Wed, Sep 03, 2008 at 02:31:10PM +0200, phcoder wrote:
> > 
> > I assume you talk about GRUB loading itself;  what kind of information would
> > you pass from one GRUB to the other?
> Boot device,

Multiboot already handles that (although it's not reliable; I don't
think this feature should be used anyway).

> configuration file, parameters for scripts.

This assumes the loader knows more than the loadee about this information.
In which situation would this happen?  Note that both loader and loadee can
obtain user input.

Which parameters do you have in mind?

> But much more
> useful this is for network boot. In this case GRUB can recieve server
> info in boot parameters so when this info changes there is no need to
> regenerate grub images.

Doesn't PXE already handle this?

> Cryptographic checksums wouldn't bring much
> because if attacker can modify harddrive he can also modify GRUB to skip
>  checksum check.

The only way to restrict physical users from privileged access is by using
physical means.  Everything else is mere obstruction.

Though, you can still run GRUB in your ROM (with coreboot), have it do the
crypto checksum from there, and restrict write access to the ROM (e.g. by
sinking it in concrete).

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."




reply via email to

[Prev in Thread] Current Thread [Next in Thread]