[dm-crypt] verity for GRUB?

Geoffrey Thomas gthomas at mokafive.com
Thu Oct 11 00:04:49 CEST 2012

On Wed, 10 Oct 2012, Milan Broz wrote:

> I see no major problem with relicensing (but need to check properly).
> If it helps to use it more broadly, it would be nice (with available
> source code for everyone).

Yeah, if you're planning on looking into relicensing, I'd encourage you to 
make as much of cryptsetup as you can GPLv2+ instead of GPLv2, so that the 
code is more reusable in other projects, even if it ends up not being 
relevant for my specific use case.

> What is not clear here (not related to problems above) is where
> you want to store root hash and how grub2 will securely obtain it...

I've raised this on the GRUB list:


Basically my plan is to add another GRUB command to verify a signed file 
and load configuration or variables from it (or parse it with the Lua 
grub-extra, which we're already using), and then build a top-level 
grub.efi with our certificate embedded. So our build server would do 
something like `veritysetup format image.iso image.iso.verity | sed ... | 
gpg --clearsign > image.iso.root-hash` after creating the ISO, and ship 
all three files when doing an update.

Which reminds me to thank you for the "veritysetup support for files" 
patch -- in some testing by hand, it works pretty well.

Geoffrey Thomas
gthomas at mokafive.com
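
Added example, not part of the original message and not code from cryptsetup or GRUB: one way to write the build-server step described above, extracting the root hash from `veritysetup format` output, signing it, and reading it back only from the verified payload. The `root_hash=` line format, the function names and the sample values are assumptions, and gpg stands in here for the boot-time verifier.

```shell
#!/bin/sh
# Added example. The "root_hash=<hex>" payload format, the function names and
# the sample values are assumptions, not taken from the original post.

# Constructed sample of `veritysetup format` output (values are made up).
sample_format_output() {
cat <<'EOF'
VERITY header information for image.iso.verity
Hash algorithm:   sha256
Salt:             aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Root hash:        0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
EOF
}

# stdin: veritysetup output. Emits one "root_hash=<hex>" line, or fails unless
# exactly one 64-hex-digit (SHA-256) root hash is present.
extract_root_hash() {
    awk -F: '$1 == "Root hash" { gsub(/[ \t]/, "", $2); h = $2; n++ }
        END { if (n != 1 || length(h) != 64 || h !~ /^[0-9a-f]+$/) exit 1
              print "root_hash=" h }'
}

# stdin: the signed payload. Prints the hash; rejects duplicate or unknown
# lines so nothing but a single well-formed value is ever accepted.
parse_signed_payload() {
    awk '/^root_hash=/ { n++; h = substr($0, 11); next }
        NF { bad = 1 }
        END { if (bad || n != 1 || length(h) != 64 || h !~ /^[0-9a-f]+$/) exit 1
              print h }'
}

# Build side: $1 = saved veritysetup output, $2 = signed file to ship.
sign_root_hash() {
    line=$(extract_root_hash < "$1") || return 1   # never sign an empty payload
    printf '%s\n' "$line" | gpg --clearsign > "$2"
}

# Consumer side (gpg stands in for the boot-time verifier): parse only what
# gpg returns after checking the signature, never the raw file, because text
# outside the clearsign armor is not covered by the signature.
verified_root_hash() {
    payload=$(gpg --decrypt "$1" 2>/dev/null) || return 1
    printf '%s\n' "$payload" | parse_signed_payload
}
```

The gpg keyring used by `verified_root_hash` is assumed to hold only the build server's public key, since gpg accepts a valid signature from any key it knows.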

