On 11/20/2013 12:28 AM, Sven Eschenberg wrote:
> Aside from the fact that grub2 does actually support loading the kernel
> from an encrypted disk, you could still sign your grub executable for
> secure boot.

And who will verify authenticity? And where do you want to store the
public key for verification?

>
> Then again, can we really trust SecureBoot and the UEFI firmware not being
> tampered with - that will most probably be the major question on modern
> systems.

Absolutely. But nevertheless, you always will have to trust a certain
part of your system.

Regards,
Ralf

>
> Regards
>
> -Sven
>
>
> On Tue, November 19, 2013 05:20, Arno Wagner wrote:
>> On Tue, Nov 19, 2013 at 04:42:55 CET, Ralf Ramsauer wrote:
>>> Hi,
>>>
>>> just an idea, but shouldn't it be possible to implement encryption
>>> algorithms incl. LUKS to GRUB?
>> Possible, yes. But it does not help. Instead of attacking the
>> kernel image or the initrd, an attacker could just attack the grub
>> executable, which could then patch the kernel or the initrd.
>>
>> --
>> Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
>> GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
>> ----
>> There are two ways of constructing a software design: One way is to make it
>> so simple that there are obviously no deficiencies, and the other way is to
>> make it so complicated that there are no obvious deficiencies. The first
>> method is far more difficult. --Tony Hoare
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@xxxxxxxx
>> http://www.saout.de/mailman/listinfo/dm-crypt