[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Protection of boot sector and embedded area

From: Vladimir 'phcoder' Serbinenko
Subject: Re: Protection of boot sector and embedded area
Date: Sun, 27 Sep 2009 01:01:58 +0200
User-agent: Mozilla-Thunderbird (X11/20090701)

James Courtier-Dutton wrote:
> 2009/9/26 Vladimir 'phcoder' Serbinenko <address@hidden>:
>> James Courtier-Dutton wrote:
>>> 2009/9/26 Vladimir 'phcoder' Serbinenko <address@hidden>:
>>>> It's generally a bad idea to chase grub out of MBR+embed area. It often
>>>> results in unreliable configurations. Could you detail your usecase so
>>>> we can seek for a bettere solution?
>>> The other thing sitting in the embedded area is a whole disc encryption 
>>> product.
>>> It takes up about 60 sectors of the 64 sectors of the embedded area.
>> I guess you speak about truecrypt. In this case the solution I would
>> recommend is to make grub load truecrypt's embedding area from a file on
>> the disk (it probably can be extracted from truecrypt w/o installing
>> booter). It's not a difficult task, just nobody did it yet (volunteers
>> are welcome).
>> Beware that truecrypt is distributed under a license which has legal
>> danger to the end user.
>> Of course it's your choice to use it or not but I would suggest to avoid
>> such software especially for the data you need to protect
> It is not truecrypt.
> I would argue that a "full disk encryption" product should be in the
> boot sector/embedded area and everything else, even grub should load
> after it.
It has no benefit other than giving you a wrong impression of additional
security (feel free to expose your arguments). Actually having grub
before disk encryption is beneficial for configuration purposes
(encryption program is only loaded when needed)
> _______________________________________________
> Grub-devel mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]