Re: SHA-1 MBR

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA-1 MBR

From:	Javier Martín
Subject:	Re: SHA-1 MBR
Date:	Sat, 21 Feb 2009 02:21:41 +0100

El vie, 20-02-2009 a las 20:02 -0500, Isaac Dupree escribió:
> Jan Alsenz wrote:
> > Yes, that was my point. You need a trusted first step.
> > But the only thing besides a TPM, that can be used for this is the BIOS,
> > which can be flashed.
> > And even, if we assume, that we can construct a BIOS that only boots if the
> > MBR hash matches and can not be flashed prior to this point, there are
> > still two points missing:
> > - After the system has started, the BIOS could be flashed. This is a very
> > possible scenario in a multi user environment.
> > - They could take out the disk and put it in another machine, tamper with
> > the boot code and switch it on. And all your protection is gone.
> >   Ok, you could try to put a needed key in the BIOS too, but then we're
> > back to problem one - and the BIOS can not check if a request for the key
> > is valid. I'm not even sure, if something in the BIOS can be read
> > protected.
> 
> BIOS could be in ROM, un-flashable, including hash/keys and all!  Refuse to 
> boot if the hash doesn't match!  Admittedly this poses some limitations on 
> whether the system can be upgraded, depending how sophisticated you want to 
> be.

This paranoid security talk is growing some big pink elephants which are
being conveniently ignored: you people are trying to protect a HD within
a computer that could be stolen, but you trust that the BIOS chip (in
ROM and whatever you want), which performs the systems initialization
(including RAM and the TPM) cannot be tampered with or even replaced.
When someone pointed the key-in-RAM problem the answer was "I'll just
glue it with epoxy resin"! For crying out loud! Without taking into
account that most epoxy resins take weeks to solidify under 100 ºC, if
the computer is physically stolen it could be subjected to EM-field
analysis. What will be the next madness? Will you wrap every RAM module
in tinfoil, a-la Faraday cage? Will you build a plasma shield around
them? This is going way out of proportion: with non-interactive key
initialization, if the computer is stolen, you are screwed period,
because you have a Mallory-on-steroids-holding-Alice-ransom instead of a
tame Eve. It does not take a rocket scientist (what I'm studying) nor a
cryptographer (one of my hobbies) to notice!

-- 
-- Lazy, Oblivious, Rational Disaster -- Habbit

signature.asc
Description: Esta parte del mensaje está firmada digitalmente

[Prev in Thread]

Current Thread

[Next in Thread]

SHA-1 MBR, phcoder, 2009/02/20
- Re: SHA-1 MBR, Jan Alsenz, 2009/02/20
  - Re: SHA-1 MBR, phcoder, 2009/02/20
    - Re: SHA-1 MBR, Jan Alsenz, 2009/02/20
    - Re: SHA-1 MBR, Isaac Dupree, 2009/02/20
    - Re: SHA-1 MBR, Javier Martín <=
    - Re: SHA-1 MBR, phcoder, 2009/02/21
    - Re: SHA-1 MBR, Jan Alsenz, 2009/02/21
    - Re: SHA-1 MBR, phcoder, 2009/02/21
    - Re: SHA-1 MBR, phcoder, 2009/02/21
- Re: SHA-1 MBR, Alex Besogonov, 2009/02/20

Prev by Date: Re: SHA-1 MBR
Next by Date: Re: SHA-1 MBR
Previous by thread: Re: SHA-1 MBR
Next by thread: Re: SHA-1 MBR
Index(es):
- Date
- Thread