Re: GRUB trusted boot framework

[Vesa Jääskeläinen]

Jan Alsenz wrote:
> Vesa Jääskeläinen write:
>> I do like the idea what some protected systems use, they sign the binary
>> (in our case .mod file and kernels of loaded OSes). Now in that scenario
>> it is responsibility of the kernel module loader to first verify the
>> signature for correctness. This way the signature checking would be
>> somewhat transparent to the rest of the system.
>>
>> I do not see a need to add any hooks to disk read. It should be
>> responsibility of the code needing signature checking to handle that.
> 
> Well, since to trusted operation should be transparent (and in my opinion 
> should
> not need code changes in something like the loaders - so if someone writes a 
> new
> loader, it should work by default), that's where the hooks come in.
> Maybe the "disk read" was misleading, what I meant where "file reads".

Hi,

Well.. you probably don't want to verify authenticity of the fonts or
bitmaps in graphical menu?

Anyway. I think the right place for verification hook in this case is
the module or OS kernel loader.

If you think otherwise. Then you have to provide a complete technical
design how it should work as I see no other good choice for it.

(actually there is one other place that could be used, but I let you
come up with the idea after you have given a bit more though on the
implementation side :))

Thanks,
Vesa Jääskeläinen