grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GRUB hardened boot framework


From: Jan Alsenz
Subject: Re: GRUB hardened boot framework
Date: Sat, 28 Feb 2009 00:10:09 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090104)

phcoder wrote:
>>
>> I'm no crypto expert, but I was under the impression that when the
>> data is
>> encrypted, measurement comes "for free": if someone tampered it, you'd be
>> unable to decrypt.  Is this correct?
>>
> It's not. Encryption is permutation
> E_{key,sector} (P) -> C
> Which permutes transforms plaintext P to ciphertext P. Without knowing
> the key an attacker still can reuse the values he has already seen (e.g.
> if he has an image of FS at previous date).
> He can also replace the sector with anything. He can't predict to what
> it will be decrypted but not to what it originally was
> Additionally most current modes subdivide sectors in 16-byte blocks. And
> how a block is encrypted depends on previous but not next blocks in
> sector. Then if attacker knows where the authentication is he can
> rewrite this place with anything. It will decrypt to garbage and with
> some quite high probability it won't crash and will let the attacker in.
> With XTS block encryptions depends neither on previous nor on next block
> . So attacker doesn't even need the authenthication code to be at the
> end of the sector.
> In various CBC modes if an attacker replaces sector A with sector B
> first block of sector B will decrypt to garbage but the rest will
> decrypt just fine. It can be used for e.g. launching printk to output
> the encryption keys.
> In conclusion encryption doesn't check for modifications. Some
> encryption systems do it additionally through separate mechanism but
> encryption itself does no such thing

If the code that does the authentication is loaded from the encrypted partition,
without being checked, this is true, but we assume, that core.img is already
loaded (and checked), so the authentication code is not on the encrypted
partition, and can detect any tampering.

Greets,

Jan

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]