Aside from the fact that grub2 does actually support loading the kernel from an encrypted disk, you could still sign your grub executeable for secure boot. Then again, can we really trust SecureBoot and the UEFI firmware not being tampered with - that will most probably be the major question on modern systems. Regards -Sven On Tue, November 19, 2013 05:20, Arno Wagner wrote: > On Tue, Nov 19, 2013 at 04:42:55 CET, Ralf Ramsauer wrote: >> Hi, >> >> just an idea, but shouldn't it be possible to implement encryption >> algorithms incl. LUKS to GRUB? > > Possible, yes. But it does not help. Instead of attacking the > kernel image or the initrd, an attacker could just attack the grub > executable, which could then patch the kernel or the initrd. > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx > GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D > 9718 > ---- > There are two ways of constructing a software design: One way is to make > it > so simple that there are obviously no deficiencies, and the other way is > to > make it so complicated that there are no obvious deficiencies. The first > method is far more difficult. --Tony Hoare > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
