Re: Design: first sector of core.img
From: Robert Millan
Subject: Re: Design: first sector of core.img
Date: Sat, 21 Feb 2009 15:09:44 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Feb 20, 2009 at 11:12:25PM +0100, phcoder wrote:
> Hello. For SHA-1 verified boot the first sector needs to check the rest of
> core.img. It will need heavy modifications. At the same time I would
> like to avoid changes to the current boot process so that both alternatives
> are available (SHA-1 and plain boot). At the same time, even in the current
> design the first sector plays a special role. So I propose the first sector
> be moved to a separate file and then at install time grub-mkimage or
> grub-setup can take care of choosing the right one depending on options
> supplied by the user (plain or SHA-1 boot).

Have you looked at how the boot process works when using coreboot/GRUB?
By getting rid of the legacy stuff, things get much more flexible.

Check the grub.cfg example in:

  http://grub.enbug.org/CoreBoot

to see what I mean. Most pieces are there already. When we merge crypto
support, it'll be possible for GRUB-in-chip to verify GRUB-in-disk.

Then the chip becomes your root of trust, which is what you're pursuing, if I
understood correctly. But if I was serious about security, I wouldn't make
a BIOS blob my root of trust, GRUB is a much better option ;-)

--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."