[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SHA-1 MBR
|
From: |
Jan Alsenz |
|
Subject: |
Re: SHA-1 MBR |
|
Date: |
Sat, 21 Feb 2009 09:56:28 +0100 |
|
User-agent: |
Thunderbird 2.0.0.19 (X11/20090104) |
>>> If not, who checks the MBR?
>> This can't be done by grub because it happens before any part of grub is
>> loaded. to verify grub you need to rely on vendor/platform-specific
>> mechanisms.
>> I personally find "tpm without tpm" more attractive because it can be
>> easily reused on another platform or any alternative to tpm (perhaps
>> anybody here or coreboot folks will come up with something).
>> Additionally it workarounds many bios and tpm bugs.
>> I will continue working on sha-1 boot. My goal is to load core.img
>> checked. After that point there is much more space and any signature
>> based solution can be used.
> Yes, that was my point. You need a trusted first step.
> But the only thing besides a TPM, that can be used for this is the BIOS, which
> can be flashed.
> And even, if we assume, that we can construct a BIOS that only boots if the
> MBR
> hash matches and can not be flashed prior to this point, there are still two
> points missing:
> - After the system has started, the BIOS could be flashed. This is a very
> possible scenario in a multi user environment.
Ok, I revoke that statement!
This is most likely equivalent to being able to just read out the disk
encryption keys from memory, which we considered out of scope.
So if you can get the BIOS right, this might actually work for our scenario!
Greets,
Jan
signature.asc
Description: OpenPGP digital signature