[dm-crypt] Integrate cryptsetup in bootloader

Alex Elsayed eternaleye at gmail.com
Wed Nov 20 10:24:31 CET 2013


Sven Eschenberg wrote:

> What autheticity? grub's?
> 
> The key will be stored by the firmware the same way the keys delivered
> with it are stored, most probably. That's why I said, you'd have to trust
> the firmware and that it can not easily be tampered with.
> 
> I wanted to point out, that an attack on the bootloader itself is not
> really the problem here, as you can sign it and use secure boot.
> 
> But in turn we'd have to trust secure boot and the security of the
> firmware in general.
> 
> It is probably way easier though to manipulate the bootloader executeable,
> as Arno pointed out, than using a JTAGGer and modify the firmware.

Well, there are two concerns there, and the difficulty of using a JTAG 
debugger only addresses one.

The other issue is that while GRUB2 is open-source and can be inspected for 
backdoors, the same is not generally true of firmware.

Trinh, if you have the resources you may want to look into Coreboot with a 
signed (and verification-capable) U-Boot payload. That's what ChromeOS is 
using (although their U-Boot verification differs from and predates what 
went upstream), and provides a similar trust chain to Secure Boot using 
open-source components. That will restrict what hardware you can use, but if 
your use-case requires that kind of security it may be worth considering.



More information about the dm-crypt mailing list