[dm-crypt] Integrate cryptsetup in bootloader

Sven Eschenberg sven at whgl.uni-frankfurt.de
Wed Nov 20 02:13:06 CET 2013


What autheticity? grub's?

The key will be stored by the firmware the same way the keys delivered
with it are stored, most probably. That's why I said, you'd have to trust
the firmware and that it can not easily be tampered with.

I wanted to point out, that an attack on the bootloader itself is not
really the problem here, as you can sign it and use secure boot.

But in turn we'd have to trust secure boot and the security of the
firmware in general.

It is probably way easier though to manipulate the bootloader executeable,
as Arno pointed out, than using a JTAGGer and modify the firmware.

Regards

-Sven


On Wed, November 20, 2013 01:28, Ralf Ramsauer wrote:
> On 11/20/2013 12:28 AM, Sven Eschenberg wrote:
>> Aside from the fact that grub2 does actually support loading the kernel
>> from an encrypted disk, you could still sign your grub executeable for
>> secure boot.
> And who will verify authenticity?
> And where do you want to store the public key for verification?
>>
>> Then again, can we really trust SecureBoot and the UEFI firmware not
>> being
>> tampered with - that will most probably be the major question on modern
>> systems.
> Absolutely. But nevertheless, you always will have to trust a certain
> part of your system.
>
> Regards,
>   Ralf
>>
>> Regards
>>
>> -Sven
>>
>>
>> On Tue, November 19, 2013 05:20, Arno Wagner wrote:
>>> On Tue, Nov 19, 2013 at 04:42:55 CET, Ralf Ramsauer wrote:
>>>> Hi,
>>>>
>>>> just an idea, but shouldn't it be possible to implement encryption
>>>> algorithms incl. LUKS to GRUB?
>>> Possible, yes. But it does not help. Instead of attacking the
>>> kernel image or the initrd, an attacker could just attack the grub
>>> executable, which could then patch the kernel or the initrd.
>>>
>>> --
>>> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email:
>>> arno at wagner.name
>>> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D
>>> 9718
>>> ----
>>> There are two ways of constructing a software design: One way is to
>>> make
>>> it
>>> so simple that there are obviously no deficiencies, and the other way
>>> is
>>> to
>>> make it so complicated that there are no obvious deficiencies. The
>>> first
>>> method is far more difficult.  --Tony Hoare
>>> _______________________________________________
>>> dm-crypt mailing list
>>> dm-crypt at saout.de
>>> http://www.saout.de/mailman/listinfo/dm-crypt
>>>
>>
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt at saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>




More information about the dm-crypt mailing list