grub-devel

Re: GRUB hardened boot framework


From: phcoder
Subject: Re: GRUB hardened boot framework
Date: Fri, 27 Feb 2009 23:15:41 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

The last stage is much simpler.  Just put /boot/ in a crypted filesystem (we
have a patch lying around which is pending to merge).

Yes, that would also be an idea.
Then the filesystem needs the authentication.
Encrypted filesystems don't prevent some attacks, such as inconsistent rollback. Suppose that some program is written like
if (!authenticated)
   return error;
Let's say this is in sector X on disk. But then the author added something before this function and this code is shifted to sector X+1. However, the attacker has kept the previous sector X+1. Then he rewrites sector X+1 with its previous version and bypasses the authentication. It's a difficult attack but is still possible. Actually, MAC checksumming or signatures are a better way to protect the system. Encrypting mainly protects from someone looking at data but isn't so good at detecting/protecting from modification. And normally you have no reason to hide your Linux system partition. Additionally, hashes are faster than encryption.

That only leaves MBR and core.img.  You can either check both from firmware
(does any BIOS allow this?) or do some funny gimmicks in MBR ;-)

There might be some boot virus protections, that could be abused. Or otherwise -
coreboot.
Yes. My BIOS has boot virus protection but I haven't tested yet how it works.

--

Regards
Vladimir 'phcoder' Serbinenko
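
Added example (not part of the original message and not GRUB code): a Python model of the inconsistent-rollback scenario described in the message above, showing that per-sector encryption decrypts a mixed-version image without any error while a MAC over the whole image rejects it. The toy XOR cipher stands in for real disk encryption; the sector size, keys and sector contents are constructed for illustration.

```python
import hashlib
import hmac

SECTOR = 16                            # toy sector size (constructed)
ENC_KEY = b"constructed-enc-key"       # constructed sample keys
MAC_KEY = b"constructed-mac-key"

# Constructed sample images: in V2 the author added a sector before the
# check, so "check auth" moved from sector 1 (X) to sector 2 (X+1).
V1 = [b"load config", b"check auth", b"boot kernel"]
V2 = [b"load config", b"new feature", b"check auth", b"boot kernel"]

def crypt_sector(key, sector_no, data):
    # Toy cipher: XOR with a keystream derived from the sector number.
    # The same call encrypts and decrypts. Not a real disk cipher.
    ks = hmac.new(key, sector_no.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks[:SECTOR]))

def encrypt_image(key, sectors):
    return [crypt_sector(key, i, s.ljust(SECTOR, b" ")) for i, s in enumerate(sectors)]

def decrypt_image(key, image):
    return [crypt_sector(key, i, c).rstrip(b" ") for i, c in enumerate(image)]

def image_mac(mac_key, image):
    # One MAC over every sector, so sectors from different versions
    # cannot be mixed without changing the tag.
    return hmac.new(mac_key, b"".join(image), hashlib.sha256).digest()

def rollback_sector(current, old, sector_no):
    # Models the stale ciphertext sector being written back in place.
    mixed = list(current)
    mixed[sector_no] = old[sector_no]
    return mixed

def demo():
    old = encrypt_image(ENC_KEY, V1)
    new = encrypt_image(ENC_KEY, V2)
    good_mac = image_mac(MAC_KEY, new)       # tag recorded for the V2 image
    mixed = rollback_sector(new, old, 2)     # sector X+1 from the old image
    plain = decrypt_image(ENC_KEY, mixed)    # decrypts cleanly, no error
    mac_ok = hmac.compare_digest(image_mac(MAC_KEY, mixed), good_mac)
    return plain, mac_ok

if __name__ == "__main__":
    plain, mac_ok = demo()
    print("decrypted sectors:", plain)
    print("MAC verifies:", mac_ok)
```

The MAC catches the mixed-version image; an old image replayed whole together with its old tag is a separate problem that needs a version counter or similar freshness check.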



