Some Ideas about booting security

Tue, 10 Jan 2006 22:44:30 -0800 

Hello,everyone!

   I am a EE Dr. in trust computing.Our researching
group has modified the grub 0.95 stage 1.5 code to add
functions of Authentication and kernel and initrd's
integrity check (use md5 digest algorithm and an usb
security key),buy it is only a toy.

   I has some ideas on booting security, and want to
try them in grub2. here is a simple introduce:
  
    first, about trust chains in trust machine. a
trust computing machine should has a trust chains from
power on to the system envirment.in the trust chains,
MBR Data should be checked by trust machine, in the
MBR, grub should make a bios call, let trust bios
check the stage 2's data in the partition header. then
grub stage2 should check the integrity of the modules,
kernels, initrds, and config file. it is only for
business systems, but sb need it badly.

    second, about priviledge control of grub 2. we can
assume there has serveal people using a machine with
serveal system, i.e., developing system, testing
system, working system, and a windows system.perhaps
one will only be permitted to booting one or two
systems,for example, only system administrator can use
a cdrom to booting the system. we can add a login and
passwd check interface in the beginning of the stage
2, give the different user the different booting
selection.can we build a mod to do this?

    third , about Copyrights. I don't think GPL is the
best choice for opensources, but we still need it. in
my opinion,the best public license should give a
public standard, allowing everyone use it for everying
except new non_public standard. So I want split  my 
work to two part, one part is on GPL, make interfaces
with the protection of GPL, the other part is
independent and totally free. Is it a good idea?

   Last is a question: Is there anyone try to booting
grub2 on mips ?

   thanks.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to