[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libreboot] Password protected Grub entries
From: |
The Gluglug |
Subject: |
Re: [Libreboot] Password protected Grub entries |
Date: |
Sun, 24 May 2015 11:54:10 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20/05/15 19:04, Beni wrote:
>
>>
>> Exactly. That is why I recommended against using --unrestricted.
>> They can replace your HDD, but the chances of them being able to
>> replicate a correct GPG signature is very hard.
>
> Ah, ok. But there are still two things I don't don't yet fully
> understand.
>
> 1. What I don't understand yet is how you'd get a hard drive to
> accept the exact same passphrase I use to unlock my hard drive. If
> you don't achieve this I'll notice that you replaced the drive the
> second I put in my passphrase and it fails to decrypt the drive.
>
> 2. What could you achieve by replacing the hard drive? My data is
> on the original hard drive. If you replace the drive, you get
> basically a new device containing no valuable information.
>
> Regards,
>
> Beni
I'm talking about protecting the system from being modified in any
way, outside of the OS. For instance, by booting another HDD you might
be able to re-flash, with firmware that logs keys and stores them for
later retrieval. You would not leave your HDD in, you'd put the old
one back.
Having a password in GRUB (payload) protects against this, making
external flashing necessary.
Of course, there are also ways to write-protect the flash so that you
always have to flash externally, but there are other things that
someone can do.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVYa3SAAoJEP9Ft0z50c+UxkMIALgcn68oqyJ6/38MUYZMaD0L
aJABRx776wBpfO9lE8AWcXsVX4HvFCopC75G7W0Td7CmmG90KPXjXb/kjbo8zqZb
X8Cly3okkNBp+tKUxKavRfqu0d6e9EfxD5ZNT9Upb6QuT/teHDJq/MwBttiwRXdT
5/9QrPOyx7x4kCq0AV1aSeF1sEPmJMv7K1+uhzfBtP6kkccTw1j8wYmQSeqWmsJR
Mg5zgpripes4qsJrLqZb9HO2kurF0yamWIp21A8Lah9mPkUa+5/W3ufbtgckFXVU
X5NIbl5pk4np8IoMKcX1tC8zR1LJ6II/Ah5nyKKxFfupV4gsIZlx24TngKn1MSk=
=sO2N
-----END PGP SIGNATURE-----
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, Beni, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/20
- Re: [Libreboot] Password protected Grub entries, Robert Alessi, 2015/05/24
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/24
- Re: [Libreboot] Password protected Grub entries, Will Hill, 2015/05/24
- Re: [Libreboot] Password protected Grub entries, Robert Alessi, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, The Gluglug, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, Robert Alessi, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, t, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, Robert Alessi, 2015/05/28
- Re: [Libreboot] Password protected Grub entries, Daniel Tarrero, 2015/05/29