I know that TPM has been mentioned several times on this list. With absolutely inadequate knee-jerk reactions from GRUB developers :(
Currently I have a problem - I need to protect confidential private data (we try to protect privacy of our customers) from the _physical_ theft of the server. A simple full hard drive encryption should work just fine except for one small detail - there's nobody to enter the password when server reboots. I've solved this by adding an intermediate system which connects to another server (which I consider physically secure), retrieves decryption key and does kexec into the real OS passing this key as a parameter. So I can just delete the key from the secure server to stop the physically insecure sever from booting, it'll then be useless for attackers since there's no decryption key present on it. However, it would be fairly trivial for attacker to steal the server and/or make a full copy of its hard drive and then modify intermediate system to print the decryption key. Not good. And there's no way to solve it in software, since attacker can trivially change the bootloader. So I've added another layer of security - I use TPM to remotely attest that the bootloader and the intermediate system is not modified. It requires chain of trust from BIOS to the intermediate system. So if attacker tries to modify bootloader or intermediate system image - TPM will not provide keys for communication with the secure server. Please note, that if TPM chip is blocked/kicked/de-soldered/sacrificed to GNU gods then I can still retrieve all data because the main decryption key is NOT kept in the TPM module (TPM is only used to attest integrity of the system). Also, this is not a DRM scheme. So... Why not add TPM patches into the mainline GRUB2 project? GPLv3 protects nicely against the possible DRM misuse of GRUB2 and TPM. Also I can assist in forward-porting of 'Trusted GRUB' patch. _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
