[dm-crypt] Integrate cryptsetup in bootloader
eternaleye at gmail.com
Wed Nov 20 10:24:31 CET 2013
Sven Eschenberg wrote:
> What authenticity? grub's?
> The key will be stored by the firmware the same way the keys delivered
> with it are stored, most probably. That's why I said, you'd have to trust
> the firmware and that it can not easily be tampered with.
> I wanted to point out, that an attack on the bootloader itself is not
> really the problem here, as you can sign it and use secure boot.
> But in turn we'd have to trust secure boot and the security of the
> firmware in general.
> It is probably way easier though to manipulate the bootloader executable,
> as Arno pointed out, than using a JTAGGer and modify the firmware.
Well, there are two concerns there, and the difficulty of using a JTAG
debugger only addresses one.

The other issue is that while GRUB2 is open-source and can be inspected for
backdoors, the same is not generally true of firmware.

Trinh, if you have the resources you may want to look into Coreboot with a
signed (and verification-capable) U-Boot payload. That's what ChromeOS is
using (although their U-Boot verification differs from and predates what
went upstream), and provides a similar trust chain to Secure Boot using
open-source components. That will restrict what hardware you can use, but if
your use-case requires that kind of security it may be worth considering.