Jan Alsenz wrote:
> Yes, that was my point. You need a trusted first step.
> But the only thing besides a TPM, that can be used for this is the BIOS,
> which can be flashed.
> And even, if we assume, that we can construct a BIOS that only boots if the
> MBR hash matches and can not be flashed prior to this point, there are
> still two points missing:
> - After the system has started, the BIOS could be flashed. This is a very
>   possible scenario in a multi user environment.
> - They could take out the disk and put it in another machine, tamper with
>   the boot code and switch it on. And all your protection is gone.
> Ok, you could try to put a needed key in the BIOS too, but then we're
> back to problem one - and the BIOS can not check if a request for the key
> is valid. I'm not even sure, if something in the BIOS can be read
> protected.

BIOS could be in ROM, un-flashable, including hash/keys and all! Refuse to boot if the hash doesn't match! Admittedly this poses some limitations on whether the system can be upgraded, depending on how sophisticated you want to be.

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel