On Sat, Feb 28, 2009 at 12:18:17AM +0100, phcoder wrote: >> If the code that does the authentication is loaded from the encrypted >> partition, >> without being checked, this is true, but we assume, that core.img is already >> loaded (and checked), so the authentication code is not on the encrypted >> partition, and can detect any tampering. > As far as I understood Robert Millan was suggesting that just encrypting > (but not verifying) your kernel is enough. I wanted to show wha it isn't
Fair enough. My point is that we don't need overcomplicated mechanisms to measure every module, config file or component separately. After core.img is verified/loaded, it's much simpler to handle the rest at this layer below the filesystem, which doesn't require significant redesign of how GRUB works. -- Robert Millan The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and how) you may access your data; but nobody's threatening your freedom: we still allow you to remove your data and not access it at all." _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
