grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: 'password' command in GRUB 2?

From: Michal Suchanek
Subject: Re: Re[2]: 'password' command in GRUB 2?
Date: Wed, 26 Aug 2009 13:51:20 +0200 
2009/8/25 Vladimir 'phcoder' Serbinenko <address@hidden>:
>> However, that CVE is about grub leaving its passwords in memory.
>> Wiping memory used by grub should be fast - orders of magnitude faster
>> than loading the OS kernel for example.
> Actually this specific report is about BIOS leaving its keyboard
> buffer - you can find BIOS password there too. As BIOS is proprietary
> firmware whatever we do we can never ensure it being secure. Even the

Even if many BIOSes leave their password there it's not reason to be as sloppy.

I am not particularly concerned about this issue but the BIOS
typically requires a reboot after typing the password so if it is
half-decently implemented it clears the buffer during initialization.
If it does not it's not grub's concern, it should do its part by
clearing its own sensitive data (if any).

Thanks

Michal
reply via email to
[Prev in Thread] Current Thread [Next in Thread]