On Mi, 29.09.21 12:47, Leon Fauster (leonfauster@xxxxxxxxxxxxxx) wrote: > > Encryption is not authentication. > > > > Not sure why you would encrypt your boot loader though? The boot > > loader code is hardly a secret, is it? It's the same for everyone and > > open source. > > > > And with which key? a key the user has to type in? how does that help? > > it means the user is queried three times for a pw? once by grub, once > > by cryptsetup and once when logging in? That's not an improvement! > > I think was partly misunderstood. Le me rephrase it. My motivation was > just a thought about one step in the implementation (in the context > of UEFI), that has a huge benefit. Speak, protecting the initrd. Thats the > start point. Well, it encrypts the initrd (which I am not interested in), and it doesn't authenticate it (which I want), and all that with an interactively acquired key (which I don't want). Maybe that solves your specific problem set — but it doesn't solve any of the issues I am trying to address. > Yes, enc != auth - but while speaking about authentication. Dracut > could enroll the signature of the initrd into the allow db (EFI). > So, grub2 could check both, the kernel and the initrd and making the > above encryption completely obsolete, thought. Well, my proposal suggests just including the basic initrd in the kernel image. The kernel's signature would then also validate this basic initrd. My focus is that this kernel/initrd signing happens during build time, not at install time, i.e. the secret signature keys should be held by the building party only, not by the local instalations. Lennart -- Lennart Poettering, Berlin