Robert Millan wrote: > On Sat, Feb 21, 2009 at 03:20:39PM +0100, Jan Alsenz wrote: >>> "remote attestation" is only useful when you want to coerce others into >>> running your (generaly proprietary) software. I hope this is not what you >>> want to do. >> Yes, this is exactly what he tries do to: convince his keyserver, that the >> requesting server runs, what it's supposed to. >> >> Which is exactly remote attestation, just in this case he controls both >> sides, >> which I think makes it an interesting use of the technology. > > That would be like trying to rob yourself by threatening yourself with a gun, > instead of simply drawing money from your wallet.
Sorry, I don't get that analogy... > If you just want to ensure noone is tampering your box, simply make your box > tamper-proof. You don't need a protocol to allow third parties to check > anything. Ok, but if you have such a protocol, only use it for yourself and do trust the manufacturer, you only have to secure one of your boxes instead of them all, which is usually much easier. >>> This is unnecessary. Once GRUB supports crypto, it can simply load >>> itself from an encrypted filesystem on disk. An image can be of >>> arbitrary size. >> Ok, but where does it get the key from? > > The public key (or just a hash) can be embedded in GRUB itself. In the > instance of GRUB that goes to the flash chip, that is. > >> And how can wherever the key comes from be sure that it's talking to GRUB? > > Because you put it there, and made sure noone can overwrite it afterwards. Making sure, that noone can override it, can be awfully difficult, especially under a physical attacker. A hardware that is at least a bit designed to withstand such an attack can help a lot. Greets, Jan
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
