Vesa Jääskeläinen wrote:
> phcoder wrote:
>> I was thinking about the scenario when ide drives are trusted but not
>> USB or removable devices. Cryptographic checksums wouldn't bring much
>> because if attacker can modify harddrive he can also modify GRUB to skip
>> checksum check.
> 
> Then you password protect it :) Once that is supported.
> 
> But really, if attacker has access to your HDD then there is not really a
> reason why we should do defense against that one as they can
> overwrite us at will.
But consider a scenario when attacker can't overwrite the existing
harddrive but can plug new one. Then the attacker can prepare a
harddrive having a partition with the same UUID as our boot partition.
Then he plugs it and depending on factors like order of interfaces,
devices, phase of the moon, ... GRUB can load attacker's modules. While
it's ok to use UUID on personal desktop system when attacker can't plug
his devices it shouldn't be the default.
Vladimir 'phcoder' Serbinenko


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
