[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: awareness + flexibility + security
|
From: |
Jonathan S. Shapiro |
|
Subject: |
Re: awareness + flexibility + security |
|
Date: |
Tue, 15 Nov 2005 17:51:00 -0500 |
On Tue, 2005-11-15 at 16:44 +0100, Michal Suchanek wrote:
> On 11/14/05, Jonathan S. Shapiro <address@hidden> wrote:
> > On Sat, 2005-11-12 at 17:04 +0100, Michal Suchanek wrote:
> >
> > > That attestaion function is not really that strong. There are a few
> > > registers for hashes, and these have to be actively filled by some
> > > software.
> > > So in case of GNU/Linux, the BIOS would store its own checksum, the
> > > checksums of option roms (if any), the checksum of the bootsector,
> > > and load it. Grub then would store its
> > > checksum, checksums of the stages it loads, the kernel, the initrd, and
> > > load it.
> > > You can later read these checksums. But what do they prove?
> >
> > First, you are missing a step: the checksum of grub is computed as it is
> > loaded by the boot sector.
>
> ok, they put quite a lot of stuff in that 500 (or haw many)bytes then :)
> This leaves only the somewhat impractical option: replace the bios.
Hmm. Now that I think about it, it might be that this checksum is done
in the BIOS. Since the initial boot sector more or less has to use BIOS
calls in order to load the stage2 boot, it would probably be good enough
to just compute a checksum of every sector loaded by boot1.S
> > Second: the cryptographic hash is computed **by the hardware**. You can
> > certainly compute something else, but the hardware won't believe it.
>
> Sure. But you **have to supply the data to the chip** somehow. It
> cannot read it from the disk by itself. It even does not know where.
> And since the hashes are weak (iirc sha1) you can generate data that
> yields arbitrary checksum (you would have hard time fitting it into
> the bootsector, though).
Like I say, I haven't actually looked at the details on the chain of
trust. The reason I didn't bother is that Safford and van Doorn and
Karger have all done so top to bottom, and they are all really good at
this stuff, and they are convinced that it works.
Okay. I just went and looked. I works.
> And I still do not see what the signed message containing the
> checksums proves. There are way too many variants.
I think you are saying: the signature may be good, but there are too
many valid checksums for any of this to be practically useful.
If this is what you mean, then I provisionally agree. Less true for a
microkernel than for a monolithic kernel, though.
- Re: awareness + flexibility + security, (continued)
- Re: awareness + flexibility + security, Jonathan S. Shapiro, 2005/11/14
- Re: awareness + flexibility + security, Jonathan S. Shapiro, 2005/11/14
- Re: awareness + flexibility + security, Marcus Brinkmann, 2005/11/15
- Re: awareness + flexibility + security, Jonathan S. Shapiro, 2005/11/15
- Re: awareness + flexibility + security, Jonathan S. Shapiro, 2005/11/15
- Re: awareness + flexibility + security, Jun Inoue, 2005/11/14
- Re: awareness + flexibility + security, Jonathan S. Shapiro, 2005/11/14
- Re: awareness + flexibility + security, Michal Suchanek, 2005/11/12
- Re: awareness + flexibility + security, Jonathan S. Shapiro, 2005/11/13
- Re: awareness + flexibility + security, Michal Suchanek, 2005/11/15
- Re: awareness + flexibility + security,
Jonathan S. Shapiro <=