[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GRUB hardened boot framework
|
From: |
Robert Millan |
|
Subject: |
Re: GRUB hardened boot framework |
|
Date: |
Sat, 28 Feb 2009 00:26:07 +0100 |
|
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Sat, Feb 28, 2009 at 12:18:17AM +0100, phcoder wrote:
>> If the code that does the authentication is loaded from the encrypted
>> partition,
>> without being checked, this is true, but we assume, that core.img is already
>> loaded (and checked), so the authentication code is not on the encrypted
>> partition, and can detect any tampering.
> As far as I understood Robert Millan was suggesting that just encrypting
> (but not verifying) your kernel is enough. I wanted to show wha it isn't
Fair enough. My point is that we don't need overcomplicated mechanisms to
measure every module, config file or component separately. After core.img
is verified/loaded, it's much simpler to handle the rest at this layer
below the filesystem, which doesn't require significant redesign of how
GRUB works.
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."
- Re: GRUB trusted boot framework, (continued)
- Re: GRUB trusted boot framework, Robert Millan, 2009/02/27
- Re: GRUB hardened boot framework, Jan Alsenz, 2009/02/27
- Re: GRUB hardened boot framework, phcoder, 2009/02/27
- Re: GRUB hardened boot framework, Robert Millan, 2009/02/27
- Re: GRUB hardened boot framework, phcoder, 2009/02/27
- Re: GRUB hardened boot framework, Robert Millan, 2009/02/27
- Re: GRUB hardened boot framework, phcoder, 2009/02/27
- Re: GRUB hardened boot framework, Jan Alsenz, 2009/02/27
- Re: GRUB hardened boot framework, phcoder, 2009/02/27
- Re: GRUB hardened boot framework,
Robert Millan <=
- Re: GRUB hardened boot framework, Jan Alsenz, 2009/02/27