grub-devel

Re: Protection of boot sector and embedded area


From: Vladimir 'phcoder' Serbinenko
Subject: Re: Protection of boot sector and embedded area
Date: Sun, 27 Sep 2009 01:01:58 +0200
User-agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090701)

James Courtier-Dutton wrote:
> 2009/9/26 Vladimir 'phcoder' Serbinenko <address@hidden>:
>   
>> James Courtier-Dutton wrote:
>>     
>>> 2009/9/26 Vladimir 'phcoder' Serbinenko <address@hidden>:
>>>
>>>       
>>>> It's generally a bad idea to chase grub out of MBR+embed area. It often
>>>> results in unreliable configurations. Could you detail your use case so
>>>> we can seek a better solution?
>>>>
>>>>         
>>> The other thing sitting in the embedded area is a whole disc encryption 
>>> product.
>>> It takes up about 60 sectors of the 64 sectors of the embedded area.
>>>
>>>       
>> I guess you speak about truecrypt. In this case the solution I would
>> recommend is to make grub load truecrypt's embedding area from a file on
>> the disk (it probably can be extracted from truecrypt w/o installing
>> booter). It's not a difficult task, just nobody did it yet (volunteers
>> are welcome).
>> Beware that truecrypt is distributed under a license which has legal
>> danger to the end user.
>> https://fedoraproject.org/wiki/ForbiddenItems#TrueCrypt
>> Of course it's your choice to use it or not but I would suggest to avoid
>> such software especially for the data you need to protect.
>>     
>
> It is not truecrypt.
> I would argue that a "full disk encryption" product should be in the
> boot sector/embedded area and everything else, even grub should load
> after it.
>
>   
It has no benefit other than giving you a wrong impression of additional
security (feel free to expose your arguments). Actually having grub
before disk encryption is beneficial for configuration purposes
(encryption program is only loaded when needed).